MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Sign in
|
Help
Home
Blogs
Media
Groups
Xato
Xato
Home
Syndication
RSS for Posts
Atom
RSS for Comments
Email Notifications
Go
Recent Posts
A CAPTCHA Nightmare
So many Windows to break
10 Ways to add to my paranoia
There’s always a good analogy in an old lady driving down the road dragging a mattress
Why I miss hacking
Tags
accusations
Application Security
CAPTCHA
computer+security
Cryptography
exploits
fbi
feds
General
hackers
Hacking
Hardening
Malware
NTFS
Passwords
Patch Management
Privacy
security
Security Policy
Tools
Virtual Machines
Vista
war on terror
Windows File Protection
Windows Security
View more
Archives
May 2008 (1)
April 2008 (1)
February 2008 (6)
January 2008 (4)
December 2007 (4)
November 2007 (1)
September 2007 (1)
August 2007 (4)
May 2007 (8)
April 2007 (2)
March 2007 (8)
February 2007 (17)
January 2007 (9)
December 2006 (5)
October 2006 (3)
September 2006 (3)
March 2006 (1)
Sort by:
Most Recent
|
Most Viewed
|
Most Commented
A CAPTCHA Nightmare
What distinguishes an effective CAPTCHA from a poor CAPTCHA is the ability to make things hard on non-humans without making things hard on humans. Most of the CAPTCHAS I see out there fail in one of those two features. But while I thought I had seen the...
Published
Wed, May 07 2008 12:23 PM
by
MBs Windows Security
Filed under:
Windows Security
So many Windows to break
I just finished writing patch reports for Windows systems I must support for my clients or for my own business. After you put together all the Vistas, XP’s, 2000’s, 2003’s, SP’s, R2’s, x64’s, and IE6 and 7’s,...
Published
Tue, Apr 08 2008 4:29 PM
by
MBs Windows Security
Filed under:
Windows Security
10 Ways to add to my paranoia
A couple of years ago I wrote an article at SecurityFocus.com about my security paranoia, which ended up in a lot of people thinking I went way too far and perhaps needed some mental help. In the article I wrote that instead of the word paranoia, I prefer...
Published
Fri, Feb 22 2008 1:00 PM
by
MBs Windows Security
Filed under:
Windows Security
There’s always a good analogy in an old lady driving down the road dragging a mattress
Today I was driving on the freeway and couldn’t avoid driving over a flattened cardboard box. I looked in my rearview mirror waiting for it to fly out behind me but it never did. Great, I was driving down the freeway with a box stuck to my car. It reminds...
Published
Thu, Feb 14 2008 12:25 AM
by
MB's Windows Security
Filed under:
Windows Security
Why I miss hacking
I have a problem with my two-year old: he keeps getting out of his bedroom. This morning it was 4am and he was climbing over me and my wife, patting us on our heads. It’s not like we haven’t tried containing him. It started when he wouldn’t go down for...
Published
Thu, Feb 07 2008 11:58 AM
by
MB's Windows Security
Filed under:
Windows Security
Mandatory Integrity Control
I thought I would write about a technology introduced in Windows Vista called Mandatory Integrity Control (MIC), which is an access control scheme that Microsoft developed partially based on previous work by others, in particular the Biba model. There...
Published
Wed, Feb 06 2008 5:59 PM
by
MB's Windows Security
Filed under:
Windows Security
Superbowl commercials, a broken window, and a virus
This morning, after being startled by two of my sons arguing over who had the longest turn playing Guitar Hero, and still not quite ready to get out of bed, I grabbed the remote control and started up the DVR recording of the Super Bowl. As my eyes were...
Published
Mon, Feb 04 2008 10:30 PM
by
MB's Windows Security
Filed under:
Windows Security
Vista SP1 and Windows Server 2008 RTM
For those of you who have been waiting for SP1 before you move to Vista, that time has come: http://windowsvistablog.com/blogs/windowsvista/archive/2008/02/04/announcing-the-rtm-of-windows-vista-sp1.aspx Read More...
Published
Mon, Feb 04 2008 10:25 PM
by
MB's Windows Security
Filed under:
Windows Security
IT Security Through Sibling Rivalry
Some of you who know me know I have four kids—all boys. Now when you have four brothers growing up together under the same roof there is a lot of competition. In some families this competition would be with sports or academic achievement. In my house...
Published
Wed, Jan 23 2008 11:44 AM
by
MB's Windows Security
Filed under:
Windows Security
New Tool: Delete files in use and Windows protected files
I thought I would share a tool I had developed a while back as part of my Windows lockdown procedure. Deleting files that are in use and particularly WFP-protected files can be a pain and the methods vary with each version of Windows. X-Out is a simple...
Published
Sat, Jan 05 2008 5:04 PM
by
MB's Windows Security
Filed under:
Windows Security
Making sense of Microsoft malware protection
In case you haven’t noticed, in the last few years Microsoft has released a number of different client protection tools. First it was Windows Defender, then OneCare, and now we are seeing a big push on the Forefront product line. In fact, there are a...
Published
Thu, Jan 03 2008 3:55 PM
by
MB's Windows Security
Filed under:
Windows Security
Recanting my compaint of Vista’s Start Menu
In my last post I vented out some Vista complaints I had. One of those was how Microsoft changes the Start Menu with every version of Windows. In fact, after writing that I did a personal protest and changed the properties of the Start Menu to use the...
Published
Wed, Jan 02 2008 12:18 PM
by
MB's Windows Security
Filed under:
Windows Security
The Vista bugs that bug me the most
Vista has had some pretty bad press this year, some people blame Microsoft for initially overhyping but eventually poorly marketing the OS, some blame the “I’m a Mac” commercials, and some blame the security features. As for me, I just...
Published
Mon, Dec 31 2007 1:51 PM
by
MB's Windows Security
Filed under:
Windows Security
Fun with open proxies
I was recently playing around with web proxies at my data center lab and got an idea to open up a couple anonymous proxies to see how long it would take for someone to start exploiting them. I fired up two anonymous proxies–using 3APA3A’s...
Published
Wed, Dec 26 2007 9:34 PM
by
MB's Windows Security
Filed under:
Windows Security
The NSA controls most of the Internet, or at least that’s what they want you to think
Today I was looking at a post at cryptome.org that shows all the IP addresses controlled by or somehow affiliated with the NSA. I had seen previous versions of this post and at first glance it seemed like someone did a lot of work to gather all of that...
Published
Sat, Dec 22 2007 3:52 AM
by
MB's Windows Security
Filed under:
Windows Security
A bad month for CAPTCHAs
Shortly after my last post on CAPTCHAs, some of you may have noticed MustLive’s CAPTCHA bypass tests in the comments below the article. Although I moderate all comments to my blog, I allowed those through because I thought they were a good follow...
Published
Wed, Dec 05 2007 12:58 PM
by
MB's Windows Security
Filed under:
Windows Security
Pakistan Wants to Learn How to Hack?
I was playing around with Google Trends today which is always interesting trying to find a correlation between search volume of various terms (do more people hack when it snows?) I use Google’s keyword tool, to find out the most popular search phrases...
Published
Fri, Nov 16 2007 12:26 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Hacking
,
hackers
,
statistics
China caught hacking, good thing our government does not do that
China denies that it’s military hacked into British government networks. They also deny hacking into the Pentagon. The funny thing is that they probably did both and everyone knows it. Think about it. Considering that many people now consider a...
Published
Thu, Sep 06 2007 2:50 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Hacking
,
us government
,
information warfare
,
0 day exploits
,
accusations
,
china
,
government networks
,
computer security
VMWare Guest Isolation Vulnerability
I have run across a design issue in VMware’s scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware’s scripting API...
Published
Wed, Aug 22 2007 10:12 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Virtual Machines
,
malware. authentication
,
vmware
Lesson two on what not to do with a CAPTCHA
In my previous post on CAPTCHAs I mentioned that “…you need to make sure the end user can’t do anything to influence what code you pick.” For this example, I will pick on captchas.net, which provides a free CAPTCHA service for anyone...
Published
Wed, Aug 22 2007 1:02 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Application Security
,
CAPTCHA
1
2
3
4
Next >
Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.