Tag: Security

Latest Articles

Bruce Schneier on Certificate Authorities

Bruce Schneier on Certificate Authorities

“The CA system is broken, but it works because broken systems tend to be better for society, which needs fluidity in the face of complicated social constructs,” Schneier said. “Systems that are broken but work are very common in the real world: Front door locks are surprisingly pickable. Think of faxed signatures, for example. It’s […]

December 31, 2008
Well-designed security systems fail gracefully, SonicWALL does not

Well-designed security systems fail gracefully, SonicWALL does not

To quote Bruce Schneier, “well-designed security systems fail gracefully”.  This means for example when the ISA firewall service fails it closes off network connectivity entirely (ie retains security) instead of opening your entire network up (ie decreases security). This week SonicWALL’s license servers suffered a glitch rendering thousands of customer units useless and leaving the […]

December 6, 2008
SharePoint Security Resources

SharePoint Security Resources

Microsoft provides two useful resources for MOSS security: Security for Office SharePoint Server 2007 (downloadable book) Office SharePoint Server Security Account Requirements (worksheet) Link: John Westworth’s blog on Technet

November 17, 2008
Steve Riley on hypervisor attacks

Steve Riley on hypervisor attacks

  You have to ask: is there malware on my system? You can be 100 per cent certain there is no malware that you can detect, but less than 100 per cent certain that there is no malware at all. Now, ladies and gentlemen, isn’t this true of every computer we already have? There is […]

September 5, 2008
Exchange Server 2007 SP1 disables Exchange Anti-spam updates

Exchange Server 2007 SP1 disables Exchange Anti-spam updates

Here is the anti-spam configuration on an Exchange Server 2007 RTM server: [PS] C:\>Get-AntispamUpdates UpdateMode : Automatic LatestContentFilterVersion : 3.3.4604.600 SpamSignatureUpdatesEnabled : True LatestSpamSignatureVersion : 3.3.4604.600 IPReputationUpdatesEnabled : True LatestIPReputationVersion : 3.3.4604.001 MicrosoftUpdate : NotConfigured And here is the same Exchange Server 2007 server immediately after upgrading to Service Pack 1: [PS] C:\>Get-AntispamUpdates UpdateMode : […]

February 6, 2008
Security Spin Cycles

Security Spin Cycles

Jeff Jones posted a blog entry to celebrate Red Hat fixing their 1000th unique security vulnerability.  He also draws attention to a Red Hat post on their “Truth Happens” blog back in August, which itself quotes a post on Lxer.com. Jeff posts quarterly statistics on his blog that show how many vulnerabilities have been patched for various […]

October 17, 2007
Tom Shinder on “hardware” firewalls 3 Comments

Tom Shinder on “hardware” firewalls

Tom Shinder of ISAServer.org takes an amusing shot at the myth in some circles that a “hardware” firewall or “firewall appliance” offers more security than a Microsoft ISA Server firewall. I was drawn to a particular quote in his article about the relative security of ISA Server to other popular firewalls in the context of […]

August 31, 2007
The Security Alert That Wasn’t There

The Security Alert That Wasn’t There

I logged onto my laptop this evening to check something for work and noticed that Vista was showing a security alert in my system tray. I double-clicked the icon to open Security Center and find out what was wrong, and it informs me that my Windows Defender (the anti-spyware/malware built in to Windows Vista) is […]

May 13, 2007