Quantum Security

The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics, which we must not ignore in our risk management practices. I also got to include a revised version of the age-old Annualized Loss Expectancy (ALE) equation. Anyone who has taken the CISSP exam should be familiar with ALE. I believe the equation in common use is outdated and fails to account … Continue reading Quantum Security

How to remove the security warning, or should you?

This morning there was an interesting question in the Windows Vista Security Newsgroup. The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one: The poster wanted to remove this warning dialog to avoid confusing users. This dialog is created because Internet Explorer, and some other applications, add a bit to the file to mark it as being downloaded from the Internet. It serves as a warning that this may be untrusted content. If the file is digitally signed, the warning does not have the red shield, … Continue reading How to remove the security warning, or should you?

Today’s forecast for O’Hare: Lots of Vulnerable Computers

Olliver Sommer, a German Small Business Server MVP, flew home from the Microsoft MVP Summit via O'Hare Airport in Chicago. While there, he spotted this wonderful piece of advice for how to configure your computer to use the airport wireless network. The document is meant well, but lacks a bit in the execution. It recommends that you disable exceptions in Windows Firewall because doing so stops attacks through Windows Messenger while on the wireless network. Of course, you would only get attacked through Messenger if you actually accept unsolicited requests from people. The document then goes on to show how … Continue reading Today’s forecast for O’Hare: Lots of Vulnerable Computers

Apparently I am an Australian MVP

The Australian MVPs at the Microsoft MVP Summit this week were overshadowed in national pride only by the Canadians, by a lot. So, the Australians co-opted a Brit and, well, me, so their attendance numbers would look better. The result is on Flickr. So guys, does that mean you're going to have me come back down under anytime soon, like, say, during diving season?

What I Learned from Attending the Windows Launch Event Today

Today I attended the Microsoft 2008 server wave launch event in Seattle. In the process I learned a number of things: The launch event apparently does not need to coincide with actually launching anything. Server 2008 launched a couple of months ago. Visual Studio 2008 launched in November 2007, and SQL Server 2008, the third part of the trifecta that comprised the launch, will not actually launch until the third quarter this year. The primary purpose of launch events is apparently to get free junk, and in some cases, other stuff, from a collection of vendors you have never heard … Continue reading What I Learned from Attending the Windows Launch Event Today