Browse by Tags
All Tags »
Windows Security (
RSS)
A month ago I downloaded a well-known shareware application from a download web site–a site that has been around long enough for me to recognize the name. I wanted to test the download speeds on a freshly installed Windows 2008 server in my data...
What distinguishes an effective CAPTCHA from a poor CAPTCHA is the ability to make things hard on non-humans without making things hard on humans. Most of the CAPTCHAS I see out there fail in one of those two features. But while I thought I had seen the...
I just finished writing patch reports for Windows systems I must support for my clients or for my own business. After you put together all the Vistas, XP’s, 2000’s, 2003’s, SP’s, R2’s, x64’s, and IE6 and 7’s,...
A couple of years ago I wrote an article at SecurityFocus.com about my security paranoia, which ended up in a lot of people thinking I went way too far and perhaps needed some mental help. In the article I wrote that instead of the word paranoia, I prefer...
Today I was driving on the freeway and couldn’t avoid driving over a flattened cardboard box. I looked in my rearview mirror waiting for it to fly out behind me but it never did. Great, I was driving down the freeway with a box stuck to my car. It reminds...
I have a problem with my two-year old: he keeps getting out of his bedroom. This morning it was 4am and he was climbing over me and my wife, patting us on our heads. It’s not like we haven’t tried containing him. It started when he wouldn’t go down for...
I thought I would write about a technology introduced in Windows Vista called Mandatory Integrity Control (MIC), which is an access control scheme that Microsoft developed partially based on previous work by others, in particular the Biba model. There...
This morning, after being startled by two of my sons arguing over who had the longest turn playing Guitar Hero, and still not quite ready to get out of bed, I grabbed the remote control and started up the DVR recording of the Super Bowl. As my eyes were...
For those of you who have been waiting for SP1 before you move to Vista, that time has come: http://windowsvistablog.com/blogs/windowsvista/archive/2008/02/04/announcing-the-rtm-of-windows-vista-sp1.aspx Read More...
Some of you who know me know I have four kids—all boys. Now when you have four brothers growing up together under the same roof there is a lot of competition. In some families this competition would be with sports or academic achievement. In my house...
I thought I would share a tool I had developed a while back as part of my Windows lockdown procedure. Deleting files that are in use and particularly WFP-protected files can be a pain and the methods vary with each version of Windows. X-Out is a simple...
In case you haven’t noticed, in the last few years Microsoft has released a number of different client protection tools. First it was Windows Defender, then OneCare, and now we are seeing a big push on the Forefront product line. In fact, there are a...
In my last post I vented out some Vista complaints I had. One of those was how Microsoft changes the Start Menu with every version of Windows. In fact, after writing that I did a personal protest and changed the properties of the Start Menu to use the...
Vista has had some pretty bad press this year, some people blame Microsoft for initially overhyping but eventually poorly marketing the OS, some blame the “I’m a Mac” commercials, and some blame the security features. As for me, I just...
I was recently playing around with web proxies at my data center lab and got an idea to open up a couple anonymous proxies to see how long it would take for someone to start exploiting them. I fired up two anonymous proxies–using 3APA3A’s...
Today I was looking at a post at cryptome.org that shows all the IP addresses controlled by or somehow affiliated with the NSA. I had seen previous versions of this post and at first glance it seemed like someone did a lot of work to gather all of that...
Shortly after my last post on CAPTCHAs, some of you may have noticed MustLive’s CAPTCHA bypass tests in the comments below the article. Although I moderate all comments to my blog, I allowed those through because I thought they were a good follow...
I was playing around with Google Trends today which is always interesting trying to find a correlation between search volume of various terms (do more people hack when it snows?) I use Google’s keyword tool, to find out the most popular search phrases...
China denies that it’s military hacked into British government networks. They also deny hacking into the Pentagon. The funny thing is that they probably did both and everyone knows it. Think about it. Considering that many people now consider a...
I have run across a design issue in VMware’s scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware’s scripting API...
More Posts
Next page »