Browse by Tags
All Tags »
Security Pontification (
RSS)
Munir Kotadia, an IT Journalist in Australia, has finally managed to figure out how to blame Microsoft for the fake anti-malware epidemic. Apparently, the reason is that "Microsoft could save the world from fake security applications by introducing...
It's official. I just received an e-mail from Thawte notifying me that, as of November 16, 2009, the most innovative and useful idea in PKI since its inception, the Web of Trust , will die. Thawte was founded 14 years ago by Mark Shuttleworth. The...
Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes...
Last week, an expert from Verizon, nee Cybertrust, posted a note about the Active Template Library (ATL) security vulnerability over on the Verizon Business Security Blog . For home users, the phone company now advises you to use a different browser,...
Recently I had a very interesting incident. I wrote an article some time in 2008 and the publisher paid me a little bit of money for it. That means the publisher must send a report to the Internal Revenue Service (IRS - the U.S. tax department) reporting...
CBS News did a story a few days ago on the Transportation Security Administration (TSA). Basically it was a tit-for-tat between Bruce Schneier , security pontificator extraordinaire, and Kip Hawley, the administrator of the TSA. Mr. Hawley's maintans...
Wired, always a source for amusement and interesting literature, just carried a story on a "hacker" (the magazine's use of the term equates to "criminal") who attempted to dominate the market in stolen credit cards. It's a...
Shocking, yes, I know, but in only four hours this evening Microsoft has managed to alienate over 150 additional customers with its insistence on Digital Rights Management (DRM). This time it is the DRM component of the Zune store that is down, according...
I get a fair bit of blog spam - comments advertising everything from sexual enhancers to fake anti-malware. This one just came in this morning: Sweet! I can turn off all the blog spam just by e-mailing the criminals? Or, could it possibly be that this...
For a while I've been thinking about writing something about interesting times I've had at various airport security checkpoints; security theater, as they have come to be known. There is the obvious shoe removal arguments and the ill-defined rules...
A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067 . Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have...
The final installment in my series called " Security is About Passwords and Credit Cards " is now up on TechNet Magazine. This part of the series discusses updating technologies, including how not to abuse them, messaging about security, and...
The second part of my " Security is About Passwords and Credit Cards " article just hit the web. This installment looks at logon processes, misleading security eye candy, and insecure communications with customers. As always, I'd love your...
Security is About Passwords and Credit Cards. That's what a very nice lady told me a few months ago. At first I shrugged it off. Of course security is so much more than that. As I started to process it though I realized that is exactly what it is...
This has not really been that normal a week for me, but at least another article made it into print. The June 2008 issue of TechNet Magazine is headlined by an article I wrote with my friend Roger Grimes, Security Adviser for Infoworld , on Security by...
I do not run any anti-malware software on my primary workstation. It's a habit I got into way back when I was doing penetration assessments. I showed up at the site, fired up ye olde laptop, and went to run some tool. ...went to run some tool. Hey...
The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security . In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics...
This morning there was an interesting question in the Windows Vista Security Newsgroup . The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one: The poster...
Susan just pointed me to a " Self-assessment questionnaire " for the Payment Card Industry Data Security Standard (PCI/DSS). While, on the whole, the intent of that standard is good, there are some areas of it that, as usual, stray into the...
Chris Hoofnagle, of the Berkeley Center for Law And Technology just published a fascinating report entitled " Measuring Identity Theft at Top Banks ." If you have not already, and you are at all interested in security and privacy, you owe it...
More Posts
Next page »