The insecurity of Verified by Visa and MasterCard SecureCode

An article on the H points to this paper by Steven Murdoch and Ross Anderson, from the University of Cambridge Computer Laboratory, on the poor security design of the 3-D Secure (3DS) protocol used by Visa and MasterCard in the UK and catching on worldwide. In addition, 3DS undermines privacy by sending a full description of

…continue reading The insecurity of Verified by Visa and MasterCard SecureCode

The end of Code Access Security in Microsoft .NET

In the early days of .NET I remember being hugely impressed by Code Access Security. It gave administrators total control over what .NET code was permitted to run. It’s true that the configuration tool was a little intimidating, but there were even wizards to adjust .NET security, trust an assembly, or fix an application –

…continue reading The end of Code Access Security in Microsoft .NET

Government security advice is misguided; switching browsers will not make you safe

I have mixed feelings about the recent government recommendations from France and Germany to switch from Internet Explorer for security reasons.

Although raising security awareness seems on the face of it to be a good thing, this is naïve advice and may do more harm than good. Security is a complex and multi-faceted problem, and it

…continue reading Government security advice is misguided; switching browsers will not make you safe

Have Windows OEM vendors learnt anything from Apple?

I’ve just set up a new consumer Windows 7 PC – it was HP’s Compaq Presario CQ5231UK, not bad value at £399 (VAT included) with Core 2 Duo E7500 (2.93 GHz), 3GB RAM, Windows 7 Home Premium 64-bit – yes, 64-bit Windows really is mainstream now – 500GB hard drive and NVIDIA G210 graphics.

For comparison,

…continue reading Have Windows OEM vendors learnt anything from Apple?

Sophos Windows 7 anti-virus test tells us nothing we don’t already know

Sophos is getting good publicity for its latest sales pitch virus test on Windows 7. This tells us:

We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier

…continue reading Sophos Windows 7 anti-virus test tells us nothing we don’t already know

Hands On with Microsoft Security Essentials – terrible name, but product looks good

Microsoft has released its free Security Essentials software, antivirus and antispyware protection aimed at home users. It runs on XP 32-bit, or Vista or Windows 7 32-bit or 64-bit, the only technical restriction being that Windows must validate as “genuine”. Businesses are meant to use Forefront Client Security, though “home-based small businesses” are specifically permitted

…continue reading Hands On with Microsoft Security Essentials – terrible name, but product looks good

O2 router attack shows danger of staying logged in

Concerned about web security? One thing that may prove more valuable than any amount of supposed security software (anti-virus and the like) is the simple good practice of logging out of web sites at the end of each session.

Here’s the reason. Let’s say you are logged into some site – could be Facebook, or Google,

…continue reading O2 router attack shows danger of staying logged in

Search for virus help highlights lack of authority in Google, Wikipedia

A contact suffered a trojan infection on his Windows XP machine the other day. He was alerted to the infection by Windows Defender, but the Remove or Quarantine actions offered by Defender did not work. If he removed the trojan, it reappeared on the next reboot. The installed AVG security suite sat there unconcerned.

I

…continue reading Search for virus help highlights lack of authority in Google, Wikipedia

Windows 7: why you should keep User Account Control at the highest level

Windows 7 makes it easy to adjust the settings for User Account Control, the system protection feature introduced in Vista. You can access User Account Control Settings from Control Panel, whereupon you see a slider with four settings:

1. Always Notify

2. Notify me only when programs try to make changes to my computer – don’t notify

…continue reading Windows 7: why you should keep User Account Control at the highest level

Microsoft disabling USB AutoRun in Windows 7 RC

It’s so easy. Install your virus or worm on a USB memory stick, set it to run automatically via AutoRun. An obvious security risk, and I’m surprised that Microsoft hasn’t already disabled the feature by default in a security update or service pack for XP or Vista.

The company is finally paying attention:

AutoRun entries on non-optical

…continue reading Microsoft disabling USB AutoRun in Windows 7 RC