Tales from the Crypto

         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for July, 2006

July 31, 2006

Ten reasons Dr J wants to go to Amazon.

Ten reasons Dr J wants to go to Amazon. 10. Tired of working at a desk, wants to work at a door on breeze blocks instead. 9. Commute to Downtown Seattle is better than commute to London, New Zealand, Japan, Barcelona, Amazon Basin, Tsurinam, Atlantis, etc. 8. Tired of dealing with all those damn MVPs […]

July 29, 2006

How hard do you want to make this?

So, I’m beta testing Outlook 2007, and it’s got some really pretty “ribbons” that indicate that they’ve gone to great lengths to improve the user interface. Today, I’m creating a distribution list from a number of people that have emailed me. This should be easy. Here we go… Create a new distribution list, give it […]

July 28, 2006

Backing up the data is not sufficient – you have to restore it, too

Filed under: General Security @ 9:38 am

When was the last time you restored from your backups? If you answer “never” (or even anything approaching “quite some time ago”), your backups might well be completely useless, for all you know. Without testing the restore procedure once in a while, your backup process is a waste of time. Literally – you’re replacing one […]

July 26, 2006

Error: Insufficient system resources exist to complete the API.

Filed under: Miscellany - not security @ 7:59 pm

This message (“Insufficient resources exist to complete the API”, along with an event log event ID 26 from “Application Popup”) has been popping up on my laptop from time to time, along with the rather troublesome issue that the machine refuses to hibernate. I had it set up so that I could close the lid, and the […]

July 24, 2006

"Steam will save the world"

I was reminded last night, that there are always going to be some constructs that your static analysis tools won’t save you from. [A point made by Microsoft’s Michael Howard, in his blog and in his new book on the Secure Development LifeStyle… er… LightCycle… er… LifeCycle] For instance, here’s a piece of code:#include <windows.h> […]

July 19, 2006

Programmer Hubris Part 3: Microsoft Knows I’m Not That Into Them

Filed under: Programmer Hubris @ 6:30 pm

In Programmer Hubris Part 1, I described that frequently I'd come across applications that impinge on my consciousness far more than is justified by my infrequent use of them. I expressed it rather simply as "I'm just not that into you". You, the developer, may believe that your app is the most important thing in […]

July 18, 2006

Defence in death

Filed under: General Security,Why is PKI so hard? @ 8:56 pm

“Defence in depth” (or “defense in depth”, if you’re American) is a frequently misunderstood term in security. It refers to designing your software with the assumption that layers above you that were supposed to protect you have failed to do so – in whatever manner is most inconvenient to your application. As Steve Riley points […]

July 17, 2006

Where did Private Folders go?

Filed under: General Security,Why is PKI so hard? @ 7:48 pm

Wow – yesterday, you could download “Microsoft Private Folders” (if you were attested as Genuine) from Microsoft’s downloads site. Today, it’s gone. There’s a brief synopsis of the story at the Seattle P-I’s site here – as usual, I’m patient enough to wait while you go and read it. As a security engineer at a […]

July 16, 2006

Your security is my inconvenience.

Filed under: General Security @ 10:47 pm

I’m reminded again, this weekend, that many companies engage in security practices that are, at best, inconvenient to their customers, and at worst, a poor attempt at security. As an example, consider my son’s use of his computer. Every so often, he’ll damage or break a CD of one of his favourite games. OK, for […]

July 15, 2006

Is a denial-of-service a vulnerability?

I always like to ask questions that make everyone answer immediately with what they are sure is the right answer, and then tell them that they haven’t thought it through. The title of this post is one such question. The answer is “yes”, right? Sometimes, yes, but sometimes, no. Let’s think about it a little. […]

Next Page »

© 2017 Tales from the Crypto   Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs