Is Firefox More Secure than Internet Explorer?

Well, sure it is. According to the Firefox web site, which must of course be untainted by marketing claims since it is Mozilla, "Firefox continues to lead the way in online security". OK, marketing hyperbole aside, I'm a data guy. I care about what the data says. Fortunately, Jeff Jones collected the data and did the analysis. Rather than color your conclusions by mine, I will let you draw your own conclusions from his analysis because (a) Jeff is a friend of mine and I won't let that influence a judgement, and (b) there may be a slight conflict …

UK Government Leaks Data on Half The Country

Another day. Another data leak. Another round of buck passing. Another round of unsubstantiated claims that they really do care about people's personal information. This one is a doozy though. A junior IT admin at Her Majesty's Revenue & Customs (the UK tax office) apparently put personal data on 25 million people on a disk and sent it by bicycle courier to a different office. The courier managed to lose (or sell?) it in transit. In other words, this guy took names, addresses, phone numbers, bank account information, birth dates, and national ID numbers of over 40% of the UK …

All Software Has Vulnerabilities

No matter how smug you are about it, and how much you claim that security is someone else's problem, software will have vulnerabilities. It is a fact of life because software is, by far, the most complex engineering task mankind has ever undertaken. In that light, I found a quote by Alan Paller, of the SANS Institute, in the latest @Risk Consensus Security Vulnerability Alert quite revealing: If you are ever asked which operating system is safer, the following 'non-aligned' rule may be of some help. Given a fixed level of programming skill, the number of vulnerabilities in software is directly proportional …

Dilbert Knows Why Security is Struggling

If it weren't that too many security departments are like Mordac, today's Dilbert would be funny. Unfortunately, there are still far too many people working on security who fail to recognize that nobody actually wants security. Nobody bought their computer, or built a network, or hired an IT staff, because security was the ultimate purpose. They did all those things to get something else: efficiency, access to data, to build a web site, enable people to communicate via e-mail, etc. Security is merely the thing they have to have to make all those other things safe. Security is not the end …