Archive for March, 2006

March 31, 2006

More proof that crypto is harder than it needs to be.

Filed under: Why is PKI so hard? @ 3:00 pm

I went looking today for a definitive statement on what purposes a certificate needs when it is created for an SMTP server that uses STARTTLS (I’m still looking, but I’m pretty certain I know what it needs).  I came across this gem of a piece from the Mac OS X guide to SSL: The CSR […]
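The purpose in question is the Extended Key Usage (EKU) extension. An SMTP server that offers STARTTLS is simply a TLS server, so a client that verifies the chain checks it for id-kp-serverAuth (TLS Web Server Authentication, OID 1.3.6.1.5.5.7.3.1); under RFC 5280 a certificate with no EKU extension at all is acceptable for any purpose, while an emailProtection (S/MIME) EKU on its own does not make a certificate usable by the server, despite the name. The program below is an added example, not code from the post or from Apple's guide: it mints throwaway self-signed certificates with different EKU sets for a hypothetical host name (mail.example.com) and runs Go's crypto/x509 verifier against them in the way a STARTTLS client would, so the only thing that can fail is the key-usage rule. Other TLS stacks may apply stricter rules of their own, but this shows the baseline behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// smtpHost is a hypothetical mail server name used only for this example.
const smtpHost = "mail.example.com"

// newSelfSignedCert builds a throwaway self-signed certificate for smtpHost
// carrying exactly the Extended Key Usage values given. A nil/empty slice
// means the EKU extension is omitted from the certificate entirely.
func newSelfSignedCert(ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: smtpHost},
		DNSNames:     []string{smtpHost},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// usableAsSMTPServer performs the check a STARTTLS client performs on the
// server certificate: the chain must verify for the host name AND be valid
// for id-kp-serverAuth. The certificate is trusted directly as a root so
// that trust-path problems cannot mask the key-usage result.
func usableAsSMTPServer(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{
		DNSName:   smtpHost,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// isIncompatibleUsage reports whether a verification failure is specifically
// the "certificate is not valid for this purpose" error, as opposed to an
// expiry, name-mismatch or trust-path failure.
func isIncompatibleUsage(err error) bool {
	var ci x509.CertificateInvalidError
	return errors.As(err, &ci) && ci.Reason == x509.IncompatibleUsage
}

func main() {
	cases := []struct {
		name string
		ekus []x509.ExtKeyUsage
	}{
		{"serverAuth only", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}},
		{"clientAuth only", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}},
		{"emailProtection only", []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}},
		{"no EKU extension", nil},
	}
	for _, c := range cases {
		cert, err := newSelfSignedCert(c.ekus)
		if err != nil {
			fmt.Printf("%-22s could not generate: %v\n", c.name, err)
			continue
		}
		if err := usableAsSMTPServer(cert); err != nil {
			fmt.Printf("%-22s rejected (wrong purpose: %v): %v\n", c.name, isIncompatibleUsage(err), err)
		} else {
			fmt.Printf("%-22s accepted\n", c.name)
		}
	}
}
```

Only the clientAuth-only and emailProtection-only certificates are rejected, and both with the incompatible-usage reason; the serverAuth certificate and the one with no EKU extension are accepted. When issuing the real certificate, asking the CA for serverAuth (or for a template with no EKU) is therefore what matters; the same verification can be run against a live server's chain after fetching it with a STARTTLS-capable client.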

March 30, 2006

Vista – new accounts will not be administrators!

Filed under: General Security @ 4:28 pm

I say “yay” to this post from David Cross: “We have subsequently made the decision that in [Windows Vista] Beta 2, secondary user accounts will be standard users by default.” As he says, it kind of gives the wrong message when you’re asked to enter the names of a half-dozen people to be created in […]

New hardening guides arrive early for April Fools’ Day.

Filed under: General Security @ 10:37 am

Microsoft released a downloadable document today that discusses how to harden your Windows 98 and NT 4.0 systems. It seems a little early for April Fools’ Day, so I opened it up and took a look. It’s a 109-page document full of honest and useful advice for those of you in the untenable position of […]

More on the ActiveX behaviour change

Filed under: General Security @ 10:20 am

Driving into work this morning (yes, I usually take the bus, but when there’s no space at the Park & Ride, it becomes a No Park & No Ride), I had a realisation about the ActiveX behaviour change that’s coming up. Maybe it’s been brought about as a result of a patent lawsuit, but think […]

March 29, 2006

Just test the thing and get on with it.

Filed under: General Security @ 3:29 pm

Microsoft’s Mike Nash has just stated that, although April 11’s patch to IE will include the updated behaviour change made necessary by the Eolas lawsuit, because people outside of Microsoft are concerned that they haven’t had a chance to test it enough on their LOB (line-of-business) applications, there will be an option to disable the […]

Microsoft’s new password collector.

Filed under: General Security @ 10:22 am

Sorry, did I say that out loud? No, it’s not really a password collector. Probably. What I’m talking about is a new tool from Microsoft that aims to tell you when a password is “Weak”, “Medium”, “Strong” or “Best”. Try it for yourself – see that “This is my password.” is “BEST”, and “Cz!r4Tz” is […]

March 28, 2006

Security koan #2

Filed under: General Security @ 10:07 pm

[Apologies if anyone finds the stereotype of the ‘wily Irishman’ to be offensive. This story exists in many different forms, in many different cultures.] Paddy works at a construction site. Every night, he leaves his work, wheeling a wheelbarrow and a tarpaulin (canvas cloth covering the wheelbarrow) out past the security guard. One night the […]

Flatten and pave; or don’t get infected.

Filed under: General Security @ 4:25 pm

E-Bitz’s article on whether “System Restore” should be used or destroyed when cleaning an infected machine reminds me of the other side of the debate – whether to clean at all. Bitzie puts up a link to Jesper’s article describing the more academic side of this debate, that says the only thing you can do […]

Error 0x80005000 and DirectoryEntry in .NET

Filed under: Uncategorized @ 3:44 pm

So I’ve got a project that requires I write a web app that checks against Active Directory (an ADAM instance, as it happens). It doesn’t seem to work, for the longest time. I’ve got my server’s address set out, I remember to use the “Distinguished Name” format of the user name, and I have the […]

March 24, 2006

Security Through Obscurity

Filed under: General Security @ 7:48 pm

It’s long been held that “Security Through Obscurity” is no security at all. Okay, so that’s not exactly true, because of course your password only works because it’s secret – obscured from others; your private key only works because it’s secret; etc., etc. But these are all “exceptions that prove the rule” in a real sense […]

