New Firefox (sort of) Available

I had heard that the Firefox update would be coming out last week, then I heard the 12th and then I heard the 14th.  Looks like it is out on the ftp server now: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.7/win32/en-US/Firefox%20Setup%201.5.0.7.exe, but they’re not yet pointing to it on the FF site, http://www.mozilla.com/firefox/.   I’ve been wanting to dig into browser security and vulnerabilities, so I’m looking forward to the official release of this, along with an … Read more »

Mozilla Chief Security Something-or-Other

Well, I’ve had a busy couple of weeks, including selling a house, buying a house and moving – which didn’t leave much free time for blogging, so I am a bit behind on current events.  So, let me start the catch-up with a human interest post. Window Snyder, a former colleague and all around great security professional has joined the Mozilla team.  According to my LinkedIn connection, she is the … Read more »

Previous Post Created Using Windows Live Writer

Mostly, I stick to security topics here, but I want to take a moment and say “go get Windows Live Writer.” If, like me, you’ve ever lost a blog entry or had to retype due to any sort of network or web problem, you’ll appreciate this simple tool that helps you draft up your blog entry, automatically saving drafts, then posts it up for you. Microsoft launched Windows Live Writer … Read more »

Where, oh Where, are Perfect Security Features?

In my recent exploration of Windows Vista x64 security features and Patchguard (see pt1 and pt2), one of the issues sent my thoughts in the direction of how “perfect” security feature are (or are not) and how that affected security value to customers. So, here is the scenario.  You read about a new security feature in JeffOS that has been reported to improve security.  Let’s say the feature helps stop exploits of heap overflows.  … Read more »

Interview with Patchguard Architect Forrest Foltz (Windows Vista x64 Security – Patchguard follow up)

Here I am doing my thing, looking at some of the security improvements in Windows Vista x64 (see pt1 and pt2), when all of a sudden, Patchguard seems to be hot news.   [NOTE:  Readers, if you need more details on Patchguard, start with my previous post Windows Vista x64 Security – Pt 2 – Patchguard.]   So, leveraging my coveted super power of “walking down the hall”, I tracked … Read more »

Windows Vista x64 Security – Pt 2 – Patchguard

  NOTE:  I know this is a long post.  If you don’t want to read all the details I discuss here, I still encourage you to go read What Were They Thinking? Anti-Virus Software Gone Wrong, by Skywing, to give you a perspective on “known good” extensions to kernels.  Also, as always, this blog post represents my own personal analysis and opinion (based upon my own experience) and not that … Read more »

Windows Vista x64 Security – Pt 1

I recently took home a build of Windows Vista for my home machine, which happens to be a dual processor 64-bit Dell machine, and it made me curious about the differences between the x86 and x64 version of Vista – specifically security differences.    After doing a brief bit of research, I found three unique security benefits in Vista x64: ·  Hardware NX protection on globally by default. ·  Kernel … Read more »

Further Perspectives on Symantec Vista "Research"

Since my original post on last week’s Symantec paper, they’ve released another one as noted by Joris Evers in Symantec continues Vista bug hunt. Now that I’ve read both of the first two papers, I note two perspectives from Symantec on this: 1) the perspective of the researchers in their paper, and 2) the uses that the Symantec marketing team may be attempting with the content. On the first perspective, the … Read more »

New Windows Vista Security Blog

Ben Fathi, the Corporate VP of the Security Technology Unit has kicked off a new blog focused on Windows Vista Security.  I’ve added a link on the side and you can read it here: http://blogs.msdn.com/windowsvistasecurity/. Also, while I’m on the topic of Ben, let me remind you that he also hosts a Technet Chat that allows you to connect and ask him and his extended team any question you want … Read more »

Symantec Stirs the Pot

UPDATE:  Several readers sent me a link to the paper, so I have it now.  Thanks!   I didn’t use “FUD” in my title, because it frankly gets used so often, and sometimes even applied to me.  FUD (or Fear, uncertainty, and doubt) is a sales or marketing strategy of disseminating negative (and vague) information on a competitor. Now, why I don’t think this applies to my recent vulnerability metrics posts is:   … Read more »