-
Totally unscientifically, I have carried out a poll of people who like UAC (okay, a few security geeks like myself), and those who hate UAC - mostly my wife. Something struck me as both a surprising common factor, and also a rather obvious explanation of why the two opinions are so polarised. [Note for...
-
I've seen a number of people promote packages that have shipped for Debian and Ubuntu, which allow users to scan their collected keys - OpenSSH or OpenSSL or OpenVPN, to discover whether they're too weak to be of any functional use. [See my earlier story on Debian and the OpenSSL PRNG] These...
-
[PRNG is an abbreviation for "Pseudo-Random Number Generator", a key core component of the key-generation in any cryptographic library.] A few people have already commented on the issue itself - Debian issued, in 2006, a version of their Linux build that contained a modified version of OpenSSL...
-
Religious debates are rarely clean or pretty. The same is true in all spheres, whether debating Christianity against Islam, Linux against Windows, or Cagney vs Lacey. In security, there are a few divisive issues that are always going to crop up. Is your datacentre network trustworthy enough to pump secret...
-
Recently I discussed using EFS as a simple, yet reliable, form of file encryption. Among the doubts raised was the following from an article by fellow MVP Deb Shinder on EFS: EFS generates a self-signed certificate. However, there are problems inherent in using self-signed certificates: Unlike a certificate...
-
As I have mentioned in other posts (Retro-bundling - another suck of the Apple, MacBook Air debuts; iTunes Pesters Me Again, Removing Apple Mobile Device Support, I didn't want iTunes - now I've got iPod, too?, etc, etc), this has long since stopped being an issue for me, because I've...
-
Cool new site (and blog) from Microsoft - http://securedeveloper.com - and it has a tag line I've heard many times before: Like that old maxim that "you need to stop fighting fires long enough to tell the architects to stop building things out of wood", thinking like a bad guy is just...
-
The security guard phoned his boss in a panic. "There's been a break-in to the site, sir. The intruders aren't anywhere to be seen, but they've got away with a bunch of equipment." "Understood - go and look at the perimeter fence, find out where they broke in, and keep watch...
-
I heard a complaint the other day about UAC - User Account Control - that was new to me. Let's face it, as a Security MVP, I hear a lot of complaints about UAC - not least from my wife, who isn't happy with the idea that she can be logged on as an administrator, but she isn't really an administrator...
-
Over in "Random Things from Dark Places", Hellnbak posts about reducing vulnerability counts by applying the SDL (Security Development Lifecycle), and makes the very reasonable point that vulnerabilities found prior to release by a scan that is part of the SDL process cannot be counted as...