All Tags » General Security

In Defence of the Self-Signed Certificate

Recently I discussed using EFS as a simple, yet reliable, form of file encryption. Among the doubts raised was the following from an article by fellow MVP Deb Shinder on EFS: EFS generates a self-signed certificate. However, there are problems inherent...
Posted by alunj | with no comments

Apple Changes Update Policies - Still No Biscuit

As I have mentioned in other posts (Retro-bundling - another suck of the Apple, MacBook Air debuts; iTunes Pesters Me Again, Removing Apple Mobile Device Support, I didn't want iTunes - now I've got iPod, too?, etc, etc), this has long since...

Think like a bad guy? It's a start.

Cool new site (and blog) from Microsoft - http://securedeveloper.com - and it has a tag line I've heard many times before: Like that old maxim that "you need to stop fighting fires long enough to tell the architects to stop building things out...

Security Koan #3

The security guard phoned his boss in a panic. "There's been a break-in to the site, sir. The intruders aren't anywhere to be seen, but they've got away with a bunch of equipment." "Understood - go and look at the perimeter...

UAC - The Emperor's New Clothes

I heard a complaint the other day about UAC - User Account Control - that was new to me. Let's face it, as a Security MVP, I hear a lot of complaints about UAC - not least from my wife, who isn't happy with the idea that she can be logged on as...

Silently fixing security bugs - how dare they!

Over in "Random Things from Dark Places", Hellnbak posts about reducing vulnerability counts by applying the SDL (Security Development Lifecycle), and makes the very reasonable point that vulnerabilities found prior to release by a scan that...

CS-RCS Pro on Vista

I've been trying back and forth to get CS-RCS Pro, a version control suite, to work on Windows Vista. I like CS-RCS Pro for a number of reasons: Files stored in CS-RCS Pro are kept in a simple format, open and well-documented. As a result, if I ever...

Dealing in Vulnerabilities - Denying the Vendor

Full disclosure, responsible disclosure, malicious exploit use, there are so many ways to act when you find a vulnerability. What about disclosure to a select band of people (selected only by their ability to pay you a bucket of money every year), and...
Posted by alunj | 3 comment(s)

Vista's Secret Windows Firewall hole

First, the good news - it's not a flaw in the operation of Windows Firewall on Windows Vista. It's a design feature, it makes sense, and it fits in with the principle that the firewall should keep out unsolicited traffic. It's not really a...

Why you don't run as root

[... or administrator, or whatever] I like Roger Grimes, he's a nice guy, and he generally makes me think about what he has to say. That's a good thing, because otherwise he'd either be part of the same choir as me, or he'd be the sort...

How broken is the banking system?

My kid and I love watching Top Gear - me, because it's nice to see him interested in a very traditional British TV programme (in the US, you can find it on BBC America), and him, because he just loves cars - particularly high-performance ones. So...

Is a NAT a security device?

I've been working lately on a couple of IPv6-related projects. First, there's a chapter for an upcoming book, and second, there's the effort to make WFTPD and WFTPD Pro work on IPv6, since it's enabled by default in Windows Vista and Windows...