Browse by Tags

All Tags » Things I Learned At Microsoft (RSS)
Thursday, April 24, 2008 4:47 PM

UAC - The Emperor's New Clothes

I heard a complaint the other day about UAC - User Account Control - that was new to me. Let's face it, as a Security MVP, I hear a lot of complaints about UAC - not least from my wife, who isn't happy with the idea that she can be logged on as...
Posted by alunj | 6 comment(s)
Filed under: , , , ,
Tuesday, April 22, 2008 3:06 PM

Silently fixing security bugs - how dare they!

Over in " Random Things from Dark Places ", Hellnbak posts about reducing vulnerability counts by applying the SDL (Security Development Lifecycle), and makes the very reasonable point that vulnerabilities found prior to release by a scan that...
Posted by alunj | 3 comment(s)
Filed under: ,
Monday, February 04, 2008 12:21 PM

Google on Microsoft / Yahoo! Deal: "Wah!"

In case you've been under a rock, Microsoft appears to be trying to take advantage of Yahoo! Inc's recent poor performance to make an unsolicited offer (as far as I can tell, it's not a hostile bid until and unless Yahoo! officers declare...
Posted by alunj | with no comments
Filed under: ,
Thursday, January 17, 2008 9:24 PM

Waiting for Vista SP1?

In a previous article, I wrote about how to sound stupid by saying " let's wait for Service Pack 1 before we deploy Windows Vista ". Now here are a few ways to sound clever, by pointing to specific issues that will be fixed by Windows Vista...
Posted by alunj | 5 comment(s)
Filed under: , ,
Friday, January 11, 2008 9:03 PM

Why you don't run as root

[... or administrator, or whatever] I like Roger Grimes, he's a nice guy, and he generally makes me think about what he has to say. That's a good thing, because otherwise he'd either be part of the same choir as me, or he'd be the sort...
Posted by alunj | 4 comment(s)
Filed under: , , , , ,
Thursday, November 22, 2007 10:44 PM

How many people do you represent?

In my earlier discussion on why 100% utilisation is not maximum efficiency , I alluded to the fact that a rejected customer, or a customer with a bad experience, will tell other potential customers that you never get to see. This reminded me that there...
Posted by alunj | with no comments
Filed under: , ,
Thursday, August 30, 2007 6:08 AM

Let's just wait for Service Pack 1

Every so often, I'll hear it said, and frequently not in jest, "let's wait until Service Pack 1 before we deploy Vista", or sometimes "Server 2008". While it's true that Microsoft has indeed announced plans to test, and...
Posted by alunj | 10 comment(s)
Filed under: , ,
Wednesday, August 29, 2007 9:08 PM

Are you a 'dual'?

Last month at Tech-Ed, I was discussing with someone from the Solution Accelerators team about how I wished that Microsoft would produce some administration documentation for developers, and/or developer documentation for administrators, so that the two...
Posted by alunj | 1 comment(s)
Filed under: , ,
Wednesday, August 22, 2007 9:53 PM

Larry Osterman isn't that into you, either.

In previous articles, I've pointed out: Programmer Hubris - He's just not that into you Programmer Hubris - I don't run your software all the time Programmer Hubris Part 3 - Microsoft Knows I'm Not That Into Them I'm still not that...
Posted by alunj | with no comments
Filed under: , ,
Thursday, July 26, 2007 9:05 PM

firefoxURL:%03

Part 3 - and I promise that's the lot for now, because it's starting to look like I'm obsessed or something. Over the past week or so, you've read me talking about vulnerabilities in Fire fox's protocol handlers, and how my perception...
Posted by alunj | 4 comment(s)
Filed under: , ,
Sunday, July 22, 2007 1:57 PM

firefoxurl: URL vulnerability

Heard about the firefoxurl vulnerability? It turns out that you can exploit Firefox by having Internet Explorer visit a link to a URL that starts with "firefoxurl:" (and a bunch of other code). [Assuming you have Firefox on your computer along...
Posted by alunj | 5 comment(s)
Filed under: , ,
Tuesday, June 19, 2007 11:52 AM

Security Expert Chat - Thursday 6/21/2007, 4pm PDT

Technet's brief description for a chat this Thursday (June 21st) at 4pm PDT: Q&A with the Security MVP Experts We invite you to attend an Q&A with the Microsoft Security MVPs. In this chat the MVP experts will answer your questions regarding...
Posted by alunj | with no comments
Filed under: ,
More Posts Next page »