Xato : Security Policy

Multi-Factor Authentication vs Multi-Single Factor Authentication

MB's Windows Security — Wed, 09 May 2007 15:35:43 GMT

Sprites mods has an interesting article about hacking the protection of a hardware authentication device: http://www.spritesmods.com/?art=secustick What’s interesting about this is that it shows how easy it is to feel like a hardware device is providing...(read more)

Technology Fixed the Stapler, Is Windows Next?

MB's Windows Security — Fri, 04 May 2007 22:45:58 GMT

I recently experienced a small technology miracle: I found myself a stapler that doesn’t mangle staples and doesn’t jam. For years those twisted and contorted staples stuck in my carpet were a perpetual reminder of how technology has failed us. Yet despite...(read more)

How to Guess an Admin’s Password Without Them Knowing You Are Trying

MB's Windows Security — Fri, 02 Mar 2007 04:30:38 GMT

Explains an old trick on how to guess someone else's password without anything getting logged in the domain controller's event logs Read More......(read more)

Does Windows Server 2003 Even Need Hardening?

MBs Windows Security — Thu, 01 Feb 2007 01:22:09 GMT

Many people tell me they are surprised with how much effort I put into hardening Windows Server 2003–the last hardening document I wrote for a client was 112 pages long. That’s not 112 pages of writing, policy, and how-to’s, that’s...(read more)

Perfect Passwords Book!

MBs Windows Security — Thu, 16 Mar 2006 22:07:23 GMT

I finally finished my Perfect Passwords book. In this book I attack much of the conventional wisdom about password policies and present new techniques for building strong passwords. For example, I think that passwords as a technology aren’t obsolete...(read more)