Tales from the Crypto






Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for July, 2007

July 26, 2007

firefoxURL:%03

Part 3 – and I promise that’s the lot for now, because it’s starting to look like I’m obsessed or something. Over the past week or so, you’ve read me talking about vulnerabilities in Firefox’s protocol handlers, and how my perception is that Internet Explorer is neither the source of the flaw. A few […]

July 24, 2007

FirefoxURL – potshots part deux

Filed under: General Security,Programmer Hubris @ 12:51 am

I’ve been encouraged to collect together some comments that I’ve made over on other people’s blogs about the firefoxurl: vulnerability. First, I do have to note with a little embarrassing schadenfreude that Mozilla’s Window Snyder, Chief Security Something-or-other, has acknowledged that Firefox exhibits the same simple parameter passing mechanism as Internet Explorer (curiously without mentioning Jesper’s […]

July 22, 2007

firefoxurl: URL vulnerability

Heard about the firefoxurl vulnerability? It turns out that you can exploit Firefox by having Internet Explorer visit a link to a URL that starts with “firefoxurl:” (and a bunch of other code). [Assuming you have Firefox on your computer along with Internet Explorer] This is because Internet Explorer blindly accepts and passes the entire contents of the URL […]

July 21, 2007

Tip of the month: don’t get your security advice from Computer Shopper

Filed under: General Security,What my wife knows @ 6:35 pm

Obviously, I read Computer Shopper, or I wouldn’t have come across this as their “Computer Cures Tip Of The Month”, but here’s something that gets my goat every time I see it: “I’d also advise he configure his router to stop broadcasting the SSID altogether.” … That’s an excellent addendum. The SSID is network-name data […]

July 10, 2007

Aitel’s "Immunity" keeps bugs alive?

Filed under: General Security,Programmer Hubris @ 9:08 am

A couple of telling paragraphs from a story on Justine Aitel, CEO of Immunity, Inc. (nice to know Dave’s keeping it all in the family, just like we do at Texas Imperial Software): Immunity, which buys but does not disclose zero-day bugs, keeps tabs on how long the bugs it buys last before they are made public […]

July 8, 2007

diskpart ‘shrink’ needs a little work…

Filed under: Miscellany - not security,Windows Vista @ 4:02 pm

I’m playing with BitLocker a little, and I need a small temporary partition to encrypt and decrypt on a frequent basis. No problem, right? I can just open up Computer Management, select Storage, Disk Management, and then shrink a volume that has lots of space. [I can do the same with “diskpart” from the command […]

July 4, 2007

Protecting the data

Filed under: General Security @ 11:50 am

Steve Riley posts on a topic he discussed at Tech-Ed – protecting the data, because everything else is just plumbing. He has a point – after all, the thing most needing securing on your system is your data – the hardware, OS and tools can all be replaced at nominal cost (generally by buying a […]
