http://msmvps.com/blogs/xato/atom.aspxCommunity Server2007-08-22T22:12:30Z/blogs/xato/archive/2009/04/01/it-s-2009-how-secure-are-you-now.aspx2009-04-01T21:09:35Z2009-04-01T21:09:35ZA month ago I downloaded a well-known shareware application from a download web site&#8211;a site that has been around long enough for me to recognize the name. I wanted to test the download speeds on a freshly installed Windows 2008 server in my data Read More......(<a href="http://msmvps.com/blogs/xato/archive/2009/04/01/it-s-2009-how-secure-are-you-now.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1683864" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/05/07/a-captcha-nightmare.aspx2008-05-07T17:23:33Z2008-05-07T17:23:33ZWhat distinguishes an effective CAPTCHA from a poor CAPTCHA is the ability to make things hard on non-humans without making things hard on humans. Most of the CAPTCHAS I see out there fail in one of those two features. But while I thought I had seen the Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/05/07/a-captcha-nightmare.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1616430" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/04/08/so-many-windows-to-break.aspx2008-04-08T21:29:30Z2008-04-08T21:29:30ZI just finished writing patch reports for Windows systems I must support for my clients or for my own business. After you put together all the Vistas, XP&#8217;s, 2000&#8217;s, 2003&#8217;s, SP&#8217;s, R2&#8217;s, x64&#8217;s, and IE6 and 7&#8217;s, Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/04/08/so-many-windows-to-break.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1578620" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/22/10-ways-to-add-to-my-paranoia.aspx2008-02-22T19:00:20Z2008-02-22T19:00:20ZA couple of years ago I wrote an article at SecurityFocus.com about my security paranoia, which ended up in a lot of people thinking I went way too far and perhaps needed some mental help. In the article I wrote that instead of the word paranoia, I prefer Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/22/10-ways-to-add-to-my-paranoia.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1521937" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/14/there-s-always-a-good-analogy-in-an-old-lady-driving-down-the-road-dragging-a-mattress.aspx2008-02-14T06:25:48Z2008-02-14T06:25:48ZToday I was driving on the freeway and couldn’t avoid driving over a flattened cardboard box. I looked in my rearview mirror waiting for it to fly out behind me but it never did. Great, I was driving down the freeway with a box stuck to my car. It reminds Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/14/there-s-always-a-good-analogy-in-an-old-lady-driving-down-the-road-dragging-a-mattress.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1513837" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/07/why-i-miss-hacking.aspx2008-02-07T17:58:56Z2008-02-07T17:58:56ZI have a problem with my two-year old: he keeps getting out of his bedroom. This morning it was 4am and he was climbing over me and my wife, patting us on our heads. It’s not like we haven’t tried containing him. It started when he wouldn’t go down for Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/07/why-i-miss-hacking.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1501582" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/06/mandatory-integrity-control.aspx2008-02-06T23:59:31Z2008-02-06T23:59:31ZI thought I would write about a technology introduced in Windows Vista called Mandatory Integrity Control (MIC), which is an access control scheme that Microsoft developed partially based on previous work by others, in particular the Biba model. There Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/06/mandatory-integrity-control.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1500309" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/04/superbowl-commercials-a-broken-window-and-a-virus.aspx2008-02-05T04:30:03Z2008-02-05T04:30:03ZThis morning, after being startled by two of my sons arguing over who had the longest turn playing Guitar Hero, and still not quite ready to get out of bed, I grabbed the remote control and started up the DVR recording of the Super Bowl. As my eyes were Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/04/superbowl-commercials-a-broken-window-and-a-virus.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1496632" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/02/04/vista-sp1-and-windows-server-2008-rtm.aspx2008-02-05T04:25:17Z2008-02-05T04:25:17ZFor those of you who have been waiting for SP1 before you move to Vista, that time has come: http://windowsvistablog.com/blogs/windowsvista/archive/2008/02/04/announcing-the-rtm-of-windows-vista-sp1.aspx Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/02/04/vista-sp1-and-windows-server-2008-rtm.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1496567" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/01/23/it-security-through-sibling-rivalry.aspx2008-01-23T17:44:10Z2008-01-23T17:44:10ZSome of you who know me know I have four kids—all boys. Now when you have four brothers growing up together under the same roof there is a lot of competition. In some families this competition would be with sports or academic achievement. In my house Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/01/23/it-security-through-sibling-rivalry.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1476800" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/01/05/new-tool-delete-files-in-use-and-windows-protected-files.aspx2008-01-05T23:04:44Z2008-01-05T23:04:44ZI thought I would share a tool I had developed a while back as part of my Windows lockdown procedure. Deleting files that are in use and particularly WFP-protected files can be a pain and the methods vary with each version of Windows. X-Out is a simple Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/01/05/new-tool-delete-files-in-use-and-windows-protected-files.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1439588" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/01/03/making-sense-of-microsoft-malware-protection.aspx2008-01-03T21:55:12Z2008-01-03T21:55:12ZIn case you haven’t noticed, in the last few years Microsoft has released a number of different client protection tools. First it was Windows Defender, then OneCare, and now we are seeing a big push on the Forefront product line. In fact, there are a Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/01/03/making-sense-of-microsoft-malware-protection.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1435796" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2008/01/02/recanting-my-compaint-of-vista-s-start-menu.aspx2008-01-02T18:18:03Z2008-01-02T18:18:03ZIn my last post I vented out some Vista complaints I had. One of those was how Microsoft changes the Start Menu with every version of Windows. In fact, after writing that I did a personal protest and changed the properties of the Start Menu to use the Read More......(<a href="http://msmvps.com/blogs/xato/archive/2008/01/02/recanting-my-compaint-of-vista-s-start-menu.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1433173" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/12/31/the-vista-bugs-that-bug-me-the-most.aspx2007-12-31T19:51:24Z2007-12-31T19:51:24ZVista has had some pretty bad press this year, some people blame Microsoft for initially overhyping but eventually poorly marketing the OS, some blame the &#8220;I&#8217;m a Mac&#8221; commercials, and some blame the security features. As for me, I just Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/12/31/the-vista-bugs-that-bug-me-the-most.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1429657" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/12/26/fun-with-open-proxies.aspx2007-12-27T03:34:01Z2007-12-27T03:34:01ZI was recently playing around with web proxies at my data center lab and got an idea to open up a couple anonymous proxies to see how long it would take for someone to start exploiting them. I fired up two anonymous proxies&#8211;using 3APA3A&#8217;s Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/12/26/fun-with-open-proxies.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1421308" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/12/22/the-nsa-controls-most-of-the-internet-or-at-least-that-s-what-they-want-you-to-think.aspx2007-12-22T09:52:02Z2007-12-22T09:52:02ZToday I was looking at a post at cryptome.org that shows all the IP addresses controlled by or somehow affiliated with the NSA. I had seen previous versions of this post and at first glance it seemed like someone did a lot of work to gather all of that Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/12/22/the-nsa-controls-most-of-the-internet-or-at-least-that-s-what-they-want-you-to-think.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1411639" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/12/05/a-bad-month-for-captchas.aspx2007-12-05T18:58:10Z2007-12-05T18:58:10ZShortly after my last post on CAPTCHAs, some of you may have noticed MustLive&#8217;s CAPTCHA bypass tests in the comments below the article. Although I moderate all comments to my blog, I allowed those through because I thought they were a good follow Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/12/05/a-bad-month-for-captchas.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1380905" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/11/16/pakistan-wants-to-learn-how-to-hack.aspx2007-11-16T18:26:36Z2007-11-16T18:26:36ZI was playing around with Google Trends today which is always interesting trying to find a correlation between search volume of various terms (do more people hack when it snows?) I use Google&#8217;s keyword tool, to find out the most popular search phrases Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/11/16/pakistan-wants-to-learn-how-to-hack.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1320907" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/09/06/china-caught-hacking-good-thing-our-government-does-not-do-that.aspx2007-09-06T19:50:18Z2007-09-06T19:50:18ZChina denies that it&#8217;s military hacked into British government networks. They also deny hacking into the Pentagon. The funny thing is that they probably did both and everyone knows it. Think about it. Considering that many people now consider a Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/09/06/china-caught-hacking-good-thing-our-government-does-not-do-that.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1172632" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx/blogs/xato/archive/2007/08/22/vmware-guest-isolation-vulnerability.aspx2007-08-23T03:12:30Z2007-08-23T03:12:30ZI have run across a design issue in VMware’s scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware’s scripting API Read More......(<a href="http://msmvps.com/blogs/xato/archive/2007/08/22/vmware-guest-isolation-vulnerability.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1132131" width="1" height="1">Anonymoushttp://msmvps.com/members/Anonymous/default.aspx