Harry Waldron pointed out on his blog an article from the CRN Test Center that claims that XP and Vista are equally at peril when it comes to security.

There are many problems with this CRN review, the most obvious being that they appeared to be testing Vista as a virus-detection platform, which it isn’t. In Windows Vista, like every other OS, Virus scanning is not part of the OS and requires additional software. Vista does, however, warn you when you do not have any anti-virus software installed.

Read the rest of this entry »

Ars Technica reports that Congress is looking in to the extent of the cooperation between phone companies and the NSA. This interest was sparked by the White House’s proposal for retroactive immunity.

What’s interesting about this, however, is what it really means to call for retroactive immunity. It’s one thing to provide immunity for possible future violations of the law that might occur but something completely different to ask for immunity for the past. The main difference is that the only reason to ask for immunity for past actions is if you are aware that past actions were in violation of the law. If you knew that no laws were broken in the past, it would be absurd to ask for immunity. Read the rest of this entry »

I was playing around today with Google searches to see what has happened so far with May’s patch releases. First of all, I simply did a Google search for the KB numbers of each patch to compare results of each. Here is a graph of the results:

This is somewhat expected, with the IE patch being the most popular, although I can’t quite explain why the Excel patch only came up with only 1,620 results.

What’s more interesting, however, is that when I searched for the KB number and the word “problem” I came up with some very telling results:

Apparently, there was a huge amount of discussion of problems with this month’s IE patch. Of course, this is by no means scientific research and an IE certainly would result in more discussion and potentially more problems due to the userbase, but IE patch is clearly the loser in quality this month.

Ok, this post is really just an advertisement for an affiliate program I am in but I thought it was interesting enough to promote:

Looking at their selection I found that some of their book titles–The History of Chocolate or The Illustrated Encyclopedia of Sex–might invite someone to want to pick them up and read and therefore wouldn’t be a great hiding place. I would suggest getting a less interesting title. Here are some I found that might work:

Liz - An Intimate Biography of Elizabeth Taylor

Introduction to Materials Science

Elvis and Me

Massachusetts General Laws Annotated

Yes, it’s security through obscurity but that isn’t always a bad thing. It might be a good place to stash away a smart card or USB drive or something. Wait… is that a remote control they are hiding in there?

Sprites mods has an interesting article about hacking the protection of a hardware authentication device:

http://www.spritesmods.com/?art=secustick

What’s interesting about this is that it shows how easy it is to feel like a hardware device is providing a second factor of authentication when in reality all it is doing is giving you single factor authentication twice. And although that still might seem more secure, it actually provides little additional benefit. Read the rest of this entry »

Here’s a password strength tester, and probably one of the most effective I have seen. Just enter your password in the text box and click on the search button. If you get no results, chances are your password is pretty good.

I think many of you will be very be surprised how common your “secret” password really is:

Just remember that searches aren’t encrypted with SSL and Google even keeps a search history on you so you probably should be careful about what you send. I usually try passwords I have used in the past or passwords using a similar pattern rather than entering an actual password.

I got a chance to review a [uh, text only] copy of the Playboy article about Kevin Mitnick and was quite surprised with how captivated I was reading it. The author makes an excellent point in the article—not through what he says but how he makes you feel—that hacking is cool.

The article brought back some feelings that I myself haven’t felt in quite a long time. I realized that the security industry has changed me. I spend my time evaluating software, testing updates, writing how-to articles, and digging through an endless buffet of RSS feeds trying to keep up with who has acquired who. I forgot that I’m a hacker. Read the rest of this entry »

I recently experienced a small technology miracle: I found myself a stapler that doesn’t mangle staples and doesn’t jam. For years those twisted and contorted staples stuck in my carpet were a perpetual reminder of how technology has failed us.

Yet despite my already large graveyard of abandoned staplers, I never gave up my search for that perfect stapling device. Sure, I went through phases of binding alternatives such as paper clips or file folders, but ultimately, despite its weaknesses, I always went back the staple.

Read the rest of this entry »