Tales from the Crypto






         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for August, 2006

August 29, 2006

When the inevitable happens, is it really news?

Filed under: DRM,General Security,Programmer Hubris @ 8:45 am

The BBC has an article about the cracking of Microsoft’s DRM protections for Windows Media format files. As I’ve mentioned before, “DRM works in exactly one scenario: when the owner of the rights also controls the behaviour of those subject to DRM”. Because the music producers have no effective recourse to punish music purchasers for […]

August 21, 2006

Vulnerability in WFTPD

Filed under: Uncategorized @ 11:57 pm

We all make mistakes, and I made a mistake in a piece of code buried deep within WFTPD. [Actually, I’ve made several mistakes, and there are certain to be a few I’ve yet to find.] As a result, some sociopath has been able to release an “exploit” – a program that can be run against […]

Insufficient System Resources to Complete API – part 2

Filed under: Miscellany - not security @ 11:42 pm

Okay, so apparently, I was a tad optimistic in saying that I had solved my hibernation issues on my laptop by simply disabling and then re-enabling the hibernation feature (which did have the desired effect of building a larger hiberfil.sys file). As it turns out, Microsoft have this one covered – in a manner of speaking. There’s […]

Protecting your laptop

Filed under: General Security @ 8:37 pm

I’d like to give my readers a description of some basic things you can do in order to protect your laptop. The first thing you can do is to itemise the risks that concern you. Here’s my risks list: Theft / Loss – I am worried that I will leave my laptop somewhere that I cannot return […]

August 20, 2006

Windows Live Writer

Filed under: Miscellany - not security @ 5:52 pm

 I’m trying out a new Blog posting tool, Windows Live Writer, currently available in beta test version. I spend a lot of time disconnected from the Internet, and I frequently get irritated that I haven’t found a tool that I can use to update my web site over lunch, on the bus, in the coffee […]

August 12, 2006

I’m a developer – I don’t do operations.

Okay, so there’s a point that Larry has here, in referring to Dare’s posts 1 and 2 – that operations and development are two separate skills. [Joe refers to it, too] I’ve suggested for a long time that developers should spend some time on technical support to find out how their customers use the product – […]

August 9, 2006

Laptop encryption notes…

Filed under: General Security @ 6:55 pm

More laptop encryption news: “A U.S. government computer loaded with approximately 133,000 drivers’ and pilots’ records — including Social Security numbers — was stolen last month, the Department of Transportation said Wednesday.” I’ve also been asked about the recent story of the VA losing(*) 38,000 records. This is actually a very different story, for the […]

How do I rate today’s patches?

Filed under: General Security @ 12:04 am

Initial impressions… “Holy crap!” That’s a lot of reading. 06-040 – install this sucker unless you block the usual RPC ports internally and externally. 06-041 – install this unless you never use DNS to external servers, or can apply the workarounds. 06-042 – install this on any machine that runs Internet Explorer. Then install it […]

August 8, 2006

Sometimes ‘journalists’ make me spitting mad

Filed under: General Security @ 9:26 pm

Okay, so I can’t believe I’m defending Apple in this post. Joe Barr writes in NewsForge (“The Online Newspaper for Linux and Open Source“), an article entitled “The Black Hat Wi-Fi exploit coverup“. He starts with a point I can get behind – that it’s hardly sporting to give a demonstration of an exploit using a […]

August 6, 2006

Wireless security

Filed under: General Security @ 11:07 pm

[Updated to reference Microsoft article on non-broadcast wireless networking] I read an article the other day in Information Week, by Preston Galla. The name rang a bell, and I remembered that he used to review shareware for ZDNet. The fact that I remember his name suggests that I disagreed strongly with what he wrote about […]

Next Page »

© 2017 Tales from the Crypto   Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs