Tales from the Crypto






Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for April, 2006

April 25, 2006

Security Reporting – how critical is "Critical"?

Filed under: General Security @ 7:58 pm

What’s the difference between these two vulnerability reports?
Firefox “focus()” Memory Corruption Weakness
Internet Explorer “object” Tag Memory Corruption Code Execution
Okay, so the first couple of differences are obvious – the Firefox one is “Not Critical”, as it is a “Denial of Service” attack; the Internet Explorer one is “Highly Critical”, as it allows “System […]

April 24, 2006

Banks and SSL forms

Filed under: General Security,Why is PKI so hard? @ 10:30 am

I just knew this message was going to get badly diluted as it progressed. What Ullrich has ‘discovered’ is that banks provide the form to their users over a plain-text link – while taking the input from the form using an SSL link. This means that your password is not exposed to the Internet in […]

April 21, 2006

Two-factor authentication – what’s not to like?

Steve Riley always makes me think, sometimes so much that it hurts.  Thanks, Steve.  His latest blog posting is about two-factor authentication, and he’s asking for input on what you (we) want from it. First, a couple of examples on authentication. “I am Bill Gates.” – this is not authentication.  It’s identification.  The fact that […]

April 11, 2006

ActiveX behaviour change causes seizures.

Filed under: General Security @ 4:41 pm

The new ActiveX change will, apparently, cause seizures, and prevent ActiveX controls from running at all until clicked on. At least, that’s if you believe TechWeb. Sadly, SANS chose this page, with its stunningly inaccurate and poorly worded description of the new ActiveX change, as their main link to describing what’s going to happen. The […]

April 10, 2006

Immigration idiocy

Filed under: Uncategorized @ 8:31 am

I’m struck by how many people are shown on the news spouting claptrap about immigration reform. The biggest offence, in my opinion, is to stand there and say that illegal (or “undocumented”, if you prefer) immigrants are law-abiding, tax-paying residents. Okay, number one… they are not law-abiding, or they would have abided with the law […]

April 7, 2006

The hardest working woman in IT

Filed under: Uncategorized @ 4:13 pm

This is a picture of the hardest working woman in I.T.: I know she must work hard, because not only is she in the front page of Webroot’s web site, but she’s also in several print adverts.  I’ve seen her in Global Knowledge’s adverts, and a couple of the ‘cheap adverts’ at the back of […]

April 5, 2006

Signs your crypto is wrong.

Here are a few signs that you might be doing crypto the wrong way:
You’re using a third-party library “because .NET keeps throwing exceptions”.
Explanation: .NET’s cryptography routines throw exceptions when you are doing something wrong.  If you are getting exceptions, you need to figure out why.
You are encrypting (or trying to encrypt) with the private key.
Explanation: […]

Desensitisation

Filed under: General Security @ 11:26 am

Sandi Hardmeier’s blog is always an interesting read. Today, she talks about the risks of desensitisation, and the tendency of human beings to trust email from certain sources. I tell all my users, “Don’t trust email attachments.  From anyone, at any time.”  No exceptions.  No “Unless you know/trust them.” Do not trust email attachments. It’s […]

IDE ate my source code

Filed under: General Security,Programmer Hubris @ 11:14 am

A tale to chill the blood of developers everywhere: “My IDE ate my source code” [For non-developers, “IDE” means “Interactive Development Environment”, and is how developers like to edit source code.] My attention was drawn to the line “I’ve been using Borland IDEs on and off for the past 17 years or so, and nothing […]

April 4, 2006

Security Exposure – it’s your behaviour, not your system

Filed under: General Security @ 11:46 am

Along the lines of the new theory of child-raising, where you teach that “Stranger” is a behaviour, not a person, I saw today this blog posting from the Microsoft Antimalware team. It highlights that in a recent analysis of the results from the (Malicious Software) (Removal Tool)(*), the most frequently detected piece of malware by […]
