Tales from the Crypto






         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for January, 2007

January 19, 2007

RegQueryValueEx – how not to write a function document

Filed under: General Security,Programmer Hubris @ 10:18 pm

I’ve said before that I think some of our problems with unsecure development can be addressed by making documentation better. [Tech writers, please note – I don’t mean this to imply that you are responsible for all of these ills, but I do think that a little more effort and care would prevent developers from […]

January 14, 2007

Spelled your search word wrong? Let me hinder you.

Filed under: Miscellany - not security @ 12:27 am

I’m reading a blog posting by StepTo, and I see he’s describing Austria as Germany’s doggleganger. “Doggleganger? He means doppelganger, surely.” So, just to make sure that I’m not about to make a stupid mistake – after all, he’s using a German word in an article about Germany, written while he’s in Germany – I […]

January 13, 2007

Certificate Manager does not require administrator access.

When you manage your personal certificates in Windows, the tool to use is Certificate Manager – you can access it either by running “certmgr.msc” to access your own personal certificate store, or by running MMC, the Microsoft Management Console, and choosing File | Add / Remove Snap-in to add the Certificates snap-in. You’ll then need […]

January 11, 2007

Developers still don’t get it.

I’m perplexed by a statement made by one of the commentors on a recent Michael Howard blog posting. Why would you NOT run [Visual Studio] as an administrator at all times? As a developer, I spend enough time on my own work. I don’t need to be spending ONE second switching profiles, typing passwords, or […]

Security through marketing

Filed under: General Security @ 10:37 am

Social Engineering isn’t just a bad guy tool – it’s an important part of the Security Engineer’s arsenal. Consider user reaction to the following statements: We are going to enable strict auditing of all file access, so that we can see exactly what you do when you screw up. We are going to enable strict […]

January 10, 2007

Windows Vista UAC – pain point or protection?

Filed under: General Security,Windows Vista @ 12:05 pm

Symantec just wants us to make the right decisions, by taking over decision making. So why did Windows Vista’s UAC “[bug] the heck out of me–to the point where I tuned it out and, eventually, turned it off”? First, a quick mention of what Vista’s UAC is – it stands for “User Account Control”, and refers to […]

Steve Jobs makes announcement; industry press goes wild.

Filed under: Miscellany - not security @ 11:57 am

Late news this morning – Apple Inc’s Steve Jobs has just announced that he has released a new “iPoo” – it’s similar to existing piles of poo, with the exception that it has a picture of an apple on the outside, and it can only be used in conjunction with the previously released “iLoo”. It’ll also […]

January 9, 2007

GUI lets me disable it, how do I enable it?

Filed under: Miscellany - not security,Windows Vista @ 8:25 pm

Playing with Vista a little more this evening, and I clear some disk space to do some shrinking and expanding of partitions. The “Disk Cleanup” tool has a tempting 1.5GB that I can release by disabling Hibernate – which I’ve done, simply to free up a little space temporarily. Okay, now that I’ve done the […]

This week’s Microsoft patches – my take.

Filed under: General Security @ 5:35 pm

MS07-001 – Brazilian Portuguese grammar checker. My first thought is “this announcement is in English – I wonder if it’s been translated into Brazilian Portuguese yet?” If you have installed a Spanish language or Portuguese language version of Office, or installed those language’s grammar tools into a multi-language version, then you need the patch. Otherwise, […]

Do security professionals need to lose weight?

Filed under: Miscellany - not security @ 5:31 pm

I’m wondering this as I look around the general field of security professionals that I know – I’m a little on the chubby side myself, I know, but think of Jesper and Steve, they’re pretty skinny guys. On average, I’d say that security professionals are not necessarily guaranteed to be overweight. So why is it […]

« Previous PageNext Page »

© 2017 Tales from the Crypto   Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs