Category: security

  • Security charlatans

    Why do people go to charlatans? Because they make them feel good about themselves. Because they will make a big effort to speak in a language which the customer understands and can relate to (even if the things said are not-that-true). Because sometimes they (the charlatans) get to a level where they themselves believe that…

  • Browser Password Manager test

    This is rather old, but still good (I originally found it via the Pat’s Daily Grind blog): a security company did some tests with the password manager included in different browsers. And of course they slapped not one but two sensationalistic titles on it (“Google Chrome Receives Lowest Password Security Score” and “Safari Ties for Last…

  • PHP security is scary!

    I knew that PHP limits the amount of memory that one script can allocate, so life is good, right? Right? Wrong! Reading the documentation, it states: Changeable – PHP_INI_ALL, meaning that you can change it using ini_set from the script itself. Even worse, it goes on to say: “Note that to have no memory limit,…

  • You say features, I say (possible) vulnerabilities

    I was listening to a recent MindOfRoot podcast (a good podcast, BTW, if you are interested in IT-type topics) which included an interview with a Microsoftie about WS-MAN (sorry for not recalling the exact name of the person). If you don’t know (I didn’t), WS-MAN stands for (drum roll please): web services management. That’s right…

  • Can you test AV using VirusTotal?

    Just a little post to bait Kurt 🙂 Many people are up in arms about the idea of submitting a sample to VirusTotal and interpreting the (usually rather poor) detection count. A few links to get you started: virustotal usage FAIL why perform virustotal based av tests? “Only X Out of 32 Antivirus Products Detect…

  • Bulletproof hosting

    Google not being evil 🙂

  • Spam from the F-Secure forums

    It is no secret that I have a less than stellar opinion about F-Secure (the short version is: in my opinion they are a reseller of the Kaspersky engine, but usually manage to get lower detection rates in tests, and they like to talk about their research, even though all the hard work is done by…

  • Improvement to Software Restriction Policies in Windows 7

    While listening to the episode of RunAs Radio about Windows 7 I’ve heard about AppLocker, a beefed up version of Software Restriction Policies. It is an interesting improvement, but I expect that it will still be enforced from User Mode, making it not as secure as it could be. Also, given the recent mishaps with…

  • SSLFail

    Tyler and Marcin started the site SSLFail.com, which inspired me to do some digging of my own. The results are shocking! A few words about the methodology: I took the top 1 000 000 sites list from Alexa (love them or hate them for their toolbars, but it is very nice of them to provide…

  • Preventing your site from becoming a spammer heaven

    Another resource to help webmasters keep their new year’s resolution: Preventing Virtual Blight, complete with video and slides 🙂