All Tags » General Security

Immutable Security Laws and Windows Sidebar Gadgets

Immutable Security Law number 1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. I love the Immutable Security Laws – they strike a chord deep within me, and they’re a “go to” resource every time...

MVP news

My MVP award expires on March 31. So, I've submitted my information for re-awarding as an MVP - we'll see whether I've done enough this year to warrant being admitted again into the MVP ranks. MVP Summit: Next week is the MVP Summit, where...

Changing passwords on a service, part 3

It’s been quite some time since I wrote about changing passwords on a Windows service, and then provided a simple tool written in Visual Basic to propagate a password among several systems sharing the same account. I hinted at the time that this was...

What else I did at Black Hat / DefCon–the Core DataMatrix Contest

Black Hat, and its associated sideshow, DefCon, consists of a number of different components. Training, Briefings, Exhibition and Contests, all make up part of Black Hat, and DefCon is a looser collection of Workshops, Events, Parties, Talks, Villages...

NCSAM 2011–Post 21–Failure is always an option

For my last post in the National Cyber Security Awareness Month, I’d like to expound on an important maxim for security. Failure is always an option – and sometimes the best. If you can’t handle a customer’s credit card in a secure fashion, you shouldn...

NCSAM/2011–Post 20–Is SSL broken?

It seems like a strange question for me to ask, given that in a number of my National Cyber Security Awareness Month posts to date, I have been advising you to use SSL or TLS to protect your communications. [Remember: TLS is the new name for SSL, but...

NCSAM/2011–Post 19–Is it safe to give out my keys?

There are some people who seem to get this right away, and others to whom I seem to have been explaining this concept for years. [And you know who you are, if you’re reading this!] Whenever you talk about keys used for encryption, you have to figure out...

NCSAM/2011–Post 18–Know what security you want from your network

In yesterday’s post, we talked about how SSL and HTTPS don’t provide perfect security for your web surfing needs. You need to make sure that a site is also protecting its applications and credentials. This can be generalised. One of my favourite interview...

NCSAM/2011–Post 17–SSL does not make your web site secure

I know, it sounds like complete heresy, but there it is – SSL and HTTPS will not make your web site secure. Even more appropriate (although I queued the title of this topic up almost a month ago) is this recent piece of news: Top FBI Cyber Cop Recommends...

NCSAM/2011–Post 16–FTP is secure

Week 4 of National Cyber Security Awareness Month, and I’m getting into the more advanced topics of secure communications and protocols. I figured I couldn’t start this topic without something that’s very near and dear to me – the security of FTP. The...

NCSAM/2011–Week 3 summary–names and addresses

So, what did we learn this week? Your user name is not a secret. Because the operating system doesn’t bother to help you hide user names, and because those user names are used in countless protocols as if they were public information, you’re backing a...

NCSAM/2011–Post 15–What’s the better firewall–black-hole, or RFC compliant?

So, given the information we have so far, you should be able to answer the question. Background info: There are two schools of thought when it comes to how a firewall should behave in some situations. The one school says that a firewall should ignore all...

NCSAM/2011–Post 14–An IP address as an authenticator?

So we’ve talked a little about names as claims of identities and passwords as proofs of those identities, continuing on to describe a fingerprint as a reasonable proof of identity, but perhaps not so useful when it has to be a claim and proof of identity...

NCSAM/2011–Post 13–What’s a fingerprint–name or password?

I’ve given a couple of arguments about names and why they shouldn’t be treated like passwords now, and because I always like to turn problems into classes of problems to be solved (the “meta-approach”), I figured a long time ago that I should decide what...

NCSAM/2011–Post 12–Don’t bother renaming Administrator

My argument here is much in the same vein as my previous post on choosing random usernames. I’ve met a number of people who argue that renaming the built-in Windows Administrator account is a great security measure, because an attacker now has to guess...

NCSAM/2011–Post 11–Your user name is not a secret

It always amuses me when I receive an email where the “From” line reads something like this: From: mo95213@example.com (Davis McTeague) Because what this means to me is that some well-meaning security practitioner has decided that giving users random...

NCSAM/2011–Week 2 summary–wireless networking (Wi-Fi)

So, what did we learn this week? Don't disable SSID broadcast. While it may sound like it helps you secure your network, it doesn’t really do anything of the sort. About the only argument in favour of this feature is that it causes casual users to...

NCSAM/2011–Post 10–WiFi is MITM central

So, why all the fuss about securing Wi-Fi? And what’s this “MITM” you talk about in the title of this post? MITM is a common abbreviation for “Man In The Middle”, a type of computer security attack, in which the attacker sits between the two ends of a...

NCSAM/2011–Post 9–Use a VPN

Not everyone has the option of a VPN (Virtual Private Network), so I’m feeling somewhat naughty even suggesting it. Where possible, use a VPN. When using a Wi-Fi network, if possible, connect to a secure VPN before doing anything. Getting a VPN: If you...

NCSAM/2011–Post 8–Beware Rogue Access Points

Everywhere we go, it’s tempting to hunt for Wi-Fi service; especially to find free Wi-Fi service. I do it all the time, and mostly I’m happy to find a local Starbucks or other Wi-Fi provider with which I am familiar. Every so often, however, I come across...