Category: Uncategorized

  • Three letter acronyms don’t provide good security!

    As a second part for my previous post, here is an other post where Deb Shinder gets it wrong (or at least emphasizes the wrong words): Security Mechanisms in Office 2007. My problem is not with the post per-se (because admittedly I only saw Office 2007 in the Channel 9 videos), but with this particular…

  • Biometrics is not the answer!

    Deb Shinder is the resident MVP at Sunbelt Software. One of her posts caught my eye and I felt the urge to post about it: Passwords: A Thing of the Past? In it she advocates to use biometrics as a replacement for passwords. Here are my (not so positive – as you may have guessed)…

  • A new contest

    I know that it’s a little bit late, but hopefully some of you may still find it useful: The nCircle VERT challenge #1

  • A long required update

    Hello all. Again I find myself swamped with work, so I’m a little MiA. I still will try to keep up the blogging and bring you (hopefully) useful information. So here are some links and my opinions about them: The McAfee lab guys think they’re smart. And most probably they are. However the above mentioned…

  • What the market will bear

    Very frequently I see the idea that capitalism (or market economy) will somehow ensure that the end-users get the best possible products with the lowest prices. Yet many times common wisdom contradicts this. How is it possible? (Disclaimer: I’m no economist, these are just some personal ideas and observations). Personally I think that there are…

  • PHP security, an oxymoron?

    I’m in the finishing phase in the development of a medium sized web application and would like to share some of my findings. The system is developed in PHP for two reasons: The LAMP platform is a well accepted one and finding hosting companies supplying it or convincing the IT administrator to deploy it internally…

  • Disclosure policy = dead horse?

    Over at the nCircle blog Ryan Poppa concludes that debating disclosure policy is beating a dead horse because after many years of debate there is still no industry standard. The only positive things in his opinion is that the continuing debate introduces people who might not have heard all the arguments in this matter to…

  • Removing Snap

    Snap.com previews seem to be very fashionable these days (if you don’t know what I’m talking about, its those previews of the sites which appear when you place your mouse cursor over a link), but it is very annoying (almost as annoying as those ads which appear when you hover over certain words in the…

  • Managed security

    It is funny (or sad, depending on how you look at it) when you realize that all modern OSs have the ability to run with a very high safety level (where 99.99% of the security issues don’t affect them), yet malware is so widespread. Some people who get blamed for this are: Microsoft for making…

  • Full disclosure – repaired

    That was quick. Thanks to my emails the blog posting which posted detailed information about how to root a given ISPs routers via an erroneous default configuration got sanitized. Just to be clear: I’m not against full disclosure. I’m pretty much in favor of it – if used for doing good. Because this sounds to…