Avoid spam from your online communities

Whether it’s parenting, politics, or ping-pong, chances are there’s an online community out there where people are chatting about something you’re interested in. There are several different kinds of communities, including e-mail distribution lists, message boards, newsgroups, and even blogs like this one. When you post messages to these groups you might also be required to post your e-mail address. Or you may want … Read more »

Symantec’s Plea : Protect our Protection Racket

  I must emphasize that these are my thoughts as an individual and do not necessarily reflect those of Microsoft, or MSN, or any of the teams I happen to work with.  While some of the notions in this article may be provocative, they are consistent with my charter of provoking thoughtful discussions and look at issues from different angles. I’ve been reading the public rhetoric from Symantec concerning Windows Security Center … Read more »

Real Life Protection! IE7 on Vista

Happy day, if you get this dialog box:  This screenshot comes from ZDNet article Vista passes one security test that points out some of the benefits of the multiple levels of security in IE7 and Windows Vista, with respect to the zero day issue warned about in and Microsoft Security Advisory and fixed yesterday with MS06-055.  My favorite quote is this: Now, it’s important to note that the developers of IE7 clearly had no idea that … Read more »

Ubuntu 6.06 LTS (Dapper Drake) – 90 Day Security Vulnerability Scorecard

Based upon Debian, Ubuntu has cool release names like “Warty Warthog”, “Hoary Hedgehog”, “Breezy Badger” and “Dapper Drake” and is certainly the current fair-haired Linux.  Warty Warthog, aka Ubuntu 4.10, was the first release in October 2004.  Dapper Drake, released on June 1 of this year, added Ubuntu to the ranks of Enterprise Linux with Ubuntu 6.06 LTS (Long Term Support), committing to supporting that “snapshot” of components for 3 years on … Read more »

What If? The First Days of a Security Enhanced OS …

This story is especially dedicated to all the new IT Pro friends I met in Budapest this past week.  I had meant to  share this story with you, but it got squeezed out by more important discussions…  With the Windows Vista release drawing more near each week, I’ve been thinking back to the release of Windows Server 2003, which had been through the earlier version of the SDL and was expected … Read more »

Stepto Has *not* Left the Building

Not building 27, nor the security team, that is. A couple of days ago, I’m on the phone with a colleague from another group, who says “hey, I heard, Stepto (aka Stephen Toulouse) is leaving the STU to join the Windows Vista team.”  I said, “err… I don’t think so.”  So he sent me a link to this story: MS Security Manager Joins Vista Team.  They even point to his … Read more »

New Firefox (sort of) Available

I had heard that the Firefox update would be coming out last week, then I heard the 12th and then I heard the 14th.  Looks like it is out on the ftp server now: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.7/win32/en-US/Firefox%20Setup%201.5.0.7.exe, but they’re not yet pointing to it on the FF site, http://www.mozilla.com/firefox/.   I’ve been wanting to dig into browser security and vulnerabilities, so I’m looking forward to the official release of this, along with an … Read more »

Mozilla Chief Security Something-or-Other

Well, I’ve had a busy couple of weeks, including selling a house, buying a house and moving – which didn’t leave much free time for blogging, so I am a bit behind on current events.  So, let me start the catch-up with a human interest post. Window Snyder, a former colleague and all around great security professional has joined the Mozilla team.  According to my LinkedIn connection, she is the … Read more »

Previous Post Created Using Windows Live Writer

Mostly, I stick to security topics here, but I want to take a moment and say “go get Windows Live Writer.” If, like me, you’ve ever lost a blog entry or had to retype due to any sort of network or web problem, you’ll appreciate this simple tool that helps you draft up your blog entry, automatically saving drafts, then posts it up for you. Microsoft launched Windows Live Writer … Read more »

Where, oh Where, are Perfect Security Features?

In my recent exploration of Windows Vista x64 security features and Patchguard (see pt1 and pt2), one of the issues sent my thoughts in the direction of how “perfect” security features are (or are not) and how that affected security value to customers. So, here is the scenario.  You read about a new security feature in JeffOS that has been reported to improve security.  Let’s say the feature helps stop exploits of heap overflows.  … Read more »