Sherlock Holmes and security
Caught a glimpse of an old Sherlock Holmes show on the tele yesterday. The part I saw was very amusing. Holmes had just recovered a priceless pearl. When handing it back to the museum he asked that it...
Alan Cox’s OSCON Europe talk on security available online
Alan Cox delivered a talk at OSCON Europe titled Computer Security–The Next 50 Years. IT Conversations has made it available online. It’s well worth listening to. Computer Security–The Next 50 Years...
Security Now #39
I found the podcast Security Now the other day. (Actually it was before I listened to episode 139 of TLLTS which contains an interview with SecurityMonkey. Well, back to Security Now.) It’s a rather...
Hah! Some commercial sites have become useful again ;)
Episode 45 of the Security Now! podcast mentions a sneaky use of the hosts file—ad blocking. By listing well-known adsites in hosts and forcing them to resolve to 127.0.0.1 (or 0.0.0.0) the irritating...
Stuff worth reading (04/08/2006)
Elmo is right, Britain really is the 51st state. I’ve noticed the very strange and one-sided relationship with the US before but this article on Britain’s nuclear weapons put that in a whole new light....
SSL in WordPress?
I wonder what howto on codex.wordpress.org Wolfgang’s talking about. I’ve been trying to get an SSL certificate onto my blog as well, but that didn’t seem possible at the time. (I would have left a...
How to make sure corporate users choose bad passwords
Here’s a sure-fire way to make sure users choose bad passwords: Force passwords to have a minimum length. Come up with some arbitrary rules regarding “complexity” of the password. E.g. that it contains...
M$ Vista security, “integrity control”
Lately I’ve spent some time looking at Windows Vista security. Basically just trying to catch up with some of the changes introduced and mostly done through reading whatever I come across. I’ve spent...
More on Vista’s “integrity control”
I just noticed a post by Joanna Rutkowska on a very handy little tool—chml. For the record I’d like to point out that this tool further highlights how confused the MIC is in Windows Vista. A no-read-up...
It is fair, at least for now…
I think it’d be better if Microsoft’s security specialists concentrated on improving security in their products (and possibly write about how they do it) rather than trying to make the rest of the...
Computer security and liability—my thoughts
Almost three years ago Bruce Schneier posted a blog entry on Computer Security and Liability. Since then he has repeated his opinion several times; one of the more high-profile occasions was in front...
Some hope on identity fraud
After the recent cock-up by HMRC I find myself a bit more hopeful for the future. Hopefully the politicians will start asking themselves if it really is such a good idea to collect information in huge...
Saddle, two SDDL related tools
I’ve just uploaded two small tools that make it a little easier to deal with SDDL (Security Descriptor Description Language, this is a good resource for SDDL): saddle-ex – “extract” the security...
Adventures with a certain Xen vulnerability (in the PVFB backend)
Here’s another post about a paper I’ve read recently. This time it’s not entirely for fun, but I still thought I’d write about this one, Adventures with a certain Xen vulnerability (in the PVFB...