Merge this into the registry, reboot and enjoy increased performance: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem] "NtfsDisable8dot3NameCreation"=dword:00000001 "NtfsMemoryUsage"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] "NumTcbTablePartitions"=dword:00000008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{INTERFACE NUMBER}] "TcpAckFrequency"

In the past week, I had a number of discussions about information securtity and technology in general. With colleagues, we identified few common patterns about decision-making in corporate environments - and those are case studies on how decisions shouldn't be made. Here's examples: We need mature solutions. Can anybody define maturity when it comes to IT? Is Intranetware mature solution for network file and print services? Whenever you hear maturity or business acumen , or something like

When I first read the news on the Washington Post web site, I thought this is a 1 April joke: Senate Legislation Would Federalize Cybersecurity . The April Fool's day has come and gone but all the signs are to that this is for real: the press releases trumpeting arrival of the legislation are still there . The bill's summary is available from the US Senate Web site (I cannot find the full text of proposed legislation yet). The problem definition is a typical scaremongering: This comprehensive

Tim Holman comments on the latest card processing system breach : Heartland Payment Systems (HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants: http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm I took a moment to see if they were PCI Compliant and they were audited in March 2008 by Trustwave: http://www.mastercard.com/us/sdp/assets/pdf/Compliant

First, a follow-up to my previous message: it turns out that the investment is to be twice as that initially indicated, resulting in half of the jobs, and the jobs will be all kinds thereof, not green only. Good luck. Now, there's something that is more of concern than just hot air promises: information security industry is asking Mr. Obama to appoint a security czar . Since all the signs are to more regulation from the nanny state, this might as well become a reality. the report - Securing Cyberspace

Reading the US presidential candidates final pleas, one sentence in Sen. Obama's The Change We Need piece drew may attention: I'll invest $15 billion a year over the next decade in renewable energy, creating five million new, green jobs that pay well, can't be outsourced, and can help end our dependence on Middle East oil. That's right - a $3000-dollar investment will create a well-paying, stable job. However you stretch the plan, this is still bulldust. I wouldn't vote for lies

Ivan Krstic's presentation at AusCERT 2007 (PDF) is a fascinating reading. Until today I didn't realise that OLPC not only offers a solution to the world's educational woes, but also facilitates system security in a completely new way - that is, finally eliminates all opportunities for malware to exist. Except that the way isn't completely new. In his writing Ivan suggests that before UNIX process model was invented in 1971, computer systems were running explicitely trusted code only

So it happened: Windows starts up and asks for a password, and you don't know what that is. Either forgot, or didn't know the password. This is Syskey in action. What to do? You can try brute forcing the password. Syskey gives unlimited tries. After the first hundred you'll come to the conclusion that brute forcing is overrated. And there are no reliable tools that will help brute forcing Syskey password. You can forcibly switch Syskey off. The best tool for it is the Offline NT Password

With all the buzz around major US wireless operators opening their networks to devices bought by the users, one may wonder if those businesspeople understand what they're talking about. There's no need to open anything at all in GSM and 3G (UMTS etc) worlds. CDMA was trickier but you usually could talk support person on the phone into connecting anything, provided you pay accounts. So opening up varies from symbolic act to... symbolic act. There's no need to reinvent the concept of openness

Recently I have visited Australia's Parliament House in Canberra. As parliaments of many other democratic countries, it is open for public access . Notably, there was no wireless LAN available. Not for long - implementation of wireless network is forthcoming . There are many interesting bits and pieces in the information. Focus on security is understandable. I do not expect the implementation be anything extraordinary - our usual mixture of Cybertrust consultants, and DSD analysts and government