Browse by Tags

All Tags » General Security (RSS)

Why changing passwords should be done regularly

A little birdie sent me a copy of today’s SANS ISC diary entry . That’s a good thing, because I’m at home sick with alleged piggy flu, and I’m not able to keep up with a whole lot. The diary entry argues that regular changes of passwords are often done...

White House moves to Open Source

Subtitle: Media posts uninformed rubbish as commentary. From the MSNBC story “ White House opens Web site coding to public ”: "Security is fundamentally built into the development process because the community is made up of people from all across...
Posted by Alun Jones | with no comments

Phishing at Hotmail, GMail, Yahoo! Mail, etc.

Recent password exposures at a number of online email services remind me to give a little advice on passwords. Definitely use this as a reminder to do something about your passwords – but don’t do the obvious thing. Don’t rush round and change all your...
Posted by Alun Jones | with no comments

SAL-like code annotations for Java

http://types.cs.washington.edu/jsr308/ seems to be talking about a set of type annotations for Java that are similar to those provided in Microsoft Visual C++ by SAL, the Standard Annotation Language . One thing that the Java annotations have going for...

Sometimes It Seems Like Unix(*) Needs to Learn from Windows

(*) By “Unix”, I mean Linux, Unix, AIX, OS/X, and similar flavours. Way back when, about twenty or so years ago, I was a Unix admin, and a Unix developer. I had to be both, because I was the only person in the company who could spell Unix...

Would you behave differently in a shared office?

How would you change your behaviour at work if you knew the person seated one desk over worked for a competitor? How would your behaviour change if you knew the person one cubicle over was about to work for a competitor? What if you knew that your cubicle...
Posted by Alun Jones | with no comments

How FTP Data Connections Work Part 2 (OR: Fun With Port 20)

As we mentioned in the 1st part of this series , FTP is a more complex protocol than many, using one control connection and one data connection. A recap of the first post… In typical Stream Mode operation, a new data connection is opened and closed for...

How FTP Data Connections Work Part 1 (OR: Don’t Open Port 20 in your Firewall!)

This will be the first of a couple of articles on FTP, as I’ve been asked to post this information in an easy-to-read format in a public place where it can be referred to. I think my expertise in developing and supporting WFTPD and WFTPD Pro allows me...

Microsoft TechFest

Last week, I went to Microsoft’s TechFest as part of their “Public Day”. This is the first time MVPs as a group have been invited to this event, and although it’s clear we missed some of the demonstrations that are not public-ready, this is something...

If Your GPS Worked Like An Information Security Team

… it would fend off dangerous drivers from hitting you. … it would give you regular statistics on the number of accidents on your daily route, so you could make decisions to avoid newly bad parts of town. … it would help you plan...
Posted by Alun Jones | 1 comment(s)

When “All” isn’t everything you need – Terminal Services Gateway certificates.

Setting up Terminal Services Gateway on Windows Server 2008 the other day. It’s an excellent technology, and one I’ve been waiting for for some time – after all, it’s fairly logical to want to have one “bounce point” into which you connect, and have your...

Debugging SSTP error -2147023660

Setting up an SSTP (Secure Socket Tunneling Protocol) connection earlier, I encountered a vaguely reminiscent problem. [SSTP allows virtual private network – VPN – connections between clients running Vista Service Pack 1 and later and servers running...

The CWE Top 25 Programming Mistakes

I’ve read some debate about the top 25 programming mistakes as documented by the CWE (Common Weakness Enumeration) project, in collaboration with the SANS Institute and the MITRE . That the list isn’t complete, that there are some items that aren’t in...

“Fully Stealthed” means fully spoofable

Every so often, someone on one of the security mailing lists to which I subscribe will post a frothing rant from someone who has discovered their own personal “magic bullet” which solves all their security woes. This time, it’s a guy who was convinced...

Microsoft Security Advisory – MD5 collisions

I would hardly be able to call my blog “Tales from the Crypto” if I didn’t pass at least some comment on the recent Microsoft Security Advisory , and the technical pre-paper on which it is based . To an uninformed reader, the advisory (and especially...

Redmond Report says “Vista Kernel Flawed”

This is just some lovely reporting: Vista Kernel Ready To Pop? Vista, due largely to its lockdown of user rights, is far more secure than XP. But it's not 100 percent safe. In fact, the kernel itself has an issue that could lead to buffer overflow...

Nobody stopped me, as I put the second laptop into my bag...

I have two laptops that I carry with me most places I go. This isn't showing off, it's just something I do for a number of reasons. (One laptop is for work, the other is personal) On a recent trip, I wanted to leave one with my wife as she dropped...

FAQ on 2nd Auth

I’ve already received a number of questions about my secondary authentication tool, 2ndAuth . Here’s a few answers: You only show it working for Windows Server 2003 and Windows XP – does it work on other platforms? Currently, we only support using it...

New PCI DSS (Credit Card Security) Standard

I’ve been asked by a couple of people to put forth my views on the latest PCI DSS (Payment Card Industry Data Security Standard) version, released last week. Several of the changes have hit topics close to my heart, so I’m overall happier with PCI DSS...
Posted by Alun Jones | 5 comment(s)

Shared accounts got you down?

Here’s a description of a tool I’ve been itching to release for some time now - “2ndAuth”, short for “secondary authentication”. This is how it works: 1. The user logs on using a shared account – an account that is known to be shared by a number of different...