Just saw mention on a forum of downloading a VMWare appliance ready- to-run parental control package. It’s definitely a great convenience to get a pre-installed entire OS with apps and all this way, but what about malware? It seems we have very little guarantees about how clean these installs are, and yet I don’t see [...]

We have a lot of vulnerabilities in software, and it doesn’t seem to diminish. One of the major reasons we have all these vulnerabilities is that every software developer (or organization) needs to develop every darn litte thing itself. IOW, the networking code, the user interaction, the database handling, etc, just to be able to [...]

A series of three videos on the subject of rootkits, done by Live Security for Watchguard. Recommended. Malware Analysis: Rootkits, Part 1 Malware Analysis: Rootkits, Part 2 Malware Analysis: Rootkits, Part 3 security

In the USA, the social security number (SSN) is often used to authenticate people over the phone. Let’s leave the general badness of this idea out of the current discussion and focus on the particularly bad idea I heard about recently. In order to protect the SSN, many companies keep only the last four digits [...]

Phishing: setting up a false website, looking more or less like the bank’s site, and getting users to enter their username and password, so that the phisher can then log on to the bank himself and empty the user’s account. Admittedly, the preceding paragraph took some freedoms with the definition of phishing, but I’m discussing [...]

An often recurring problem online is how to prove you’re eligible to access a particular resource, if that resource is limited to people belonging to a certain group. This problem occurs, more abstractly, if the resource is managed by some organization that is not itself responsible for determining who is eligible. Examples: sites accessible to [...]

To test out different wikis, I got the obvious idea of downloading VMWare appliances preinstalled with one or the other of those wiki systems. Very easy to get running and easy to test. Once you have them, that is, since most of them are distributed using BitTorrent and many have few, if any, seeds. But [...]

We all know by now that Mac users usually run as non-admins on their machines and what a good thing this is. Apps generally ask for admin credentials during install to get their setup done. Great stuff. I have just one (ok, maybe two) apps that don’t handle this right and these have to be [...]

I’ve been a longtime subscriber to MSDN magazine and its predecessor, MS Systems Journal, and I’ve always liked to read their stuff and learn. The last year or so, I haven’t read more than the columns at the very end, the editorial and maybe something by Michael Howard on security or John Robbins on debugging. [...]

My wife just asked me if I was thinking of another woman. Huh? Seems I was playing “She’s always a woman to me” by Billy Joel for the third or fourth time in a row on the stereo, and she was looking for a meaning to it. Actually, I was testing my new Airport Express [...]