Why is PKI so hard?

In Defence of the Self-Signed Certificate

Recently I discussed using EFS as a simple, yet reliable, form of file encryption. Among the doubts raised was the following from an article by fellow MVP Deb Shinder on EFS: EFS generates a self-signed certificate. However, there are problems inherent...
Posted by alunj | with no comments

Can You Write Good Code for an OS you Despise?

No, this isn't another of my anti-Mac frothing rants. This is one of my "here's what I hate about many of the open-source projects I deal with" rants. I'm trying to find an SFTP client for Windows that works the way I want it to...

Can't I trust the Postal Service? Part 2 - the certificate.

In part 1 of this mini-series, I talked about how the US Postal Service had deployed only part of the certificate that they had bought, and that this resulted in either an irritating dialog (in IE 6, and other browsers), or a page that warned you not...

Can't I trust the Postal Service? Part 1 - the crypto.

The Security MVPs have a private mailing list on which we gather to share expertise or our interesting findings - the following was raised by an MVP, and very much interested me, on a number of levels: The US Postal Service has a web service (as well...

EFS in a domain expires after three years

I enjoyed the research for writing my article on EFS, for the Technet Security Newsletter, but there's always something experience will teach you. Here's an issue I experienced just last week, with EFS. It shouldn't have been a surprise, given what...

Finding your private keys

For the most part, Windows users and administrators don't ever have to worry about how or where their private keys are stored. After all, your private key is yours, and it's private. You request it to be generated, and then you don't need to touch it...

Certificate Manager does not require administrator access.

When you manage your personal certificates in Windows, the tool to use is Certificate Manager - you can access it either by running "certmgr.msc" to access your own personal certificate store, or by running MMC, the Microsoft Management Console, and...

ChangePassword versus SetPassword

Writing a piece of code last night, I was struck by the thought that many developers I've worked with would not know why I use a ChangePassword function, instead of a SetPassword function. The difference in use is simple - SetPassword requires one password...

Defence in death

"Defence in depth" (or "defense in depth", if you're American) is a frequently misunderstood term in security. It refers to designing your software with the assumption that layers above you that were supposed to protect you have failed to do so - in whatever...
Posted by alunj | with no comments

Where did Private Folders go?

Wow - yesterday, you could download "Microsoft Private Folders" (if you were attested as Genuine) from Microsoft's downloads site. Today, it's gone. There's a brief synopsis of the story at the Seattle P-I's site here - as usual, I'm patient enough to...
Posted by alunj | with no comments

New ActiveSync - still not going to upgrade to it.

Microsoft just released a new version of ActiveSync - version 4.2. It has some Outlook improvements, proxy improvements, partnership improvements, and VPN connectivity improvements. So why am I still not going to bother installing this? Because it still...

PGP / Truecrypt brouhaha

There's a fascinating debate going on at present. Two 'researchers', called Abed and Adonis, are trumpeting their mad sk177z at cryptography. They have a few basic claims: They can bypass authentication on PGP self-decrypting archives. They can decrypt...
Posted by alunj | with no comments