Archives

Thoughts on Petya/NotPetya and two key questions. What should you do, and is it the fault of Microsoft Windows?

Every major IT security incident generates a ton of me-too articles most of which lack meaningful content. Journalists receive a torrent of emails from companies or consultants hoping to be quoted, with insightful remarks like “companies should be more prepared” or “you should always keep your systems and security software patched and up to date.”

…continue reading Thoughts on Petya/NotPetya and two key questions. What should you do, and is it the fault of Microsoft Windows?

How to remove the WINS server feature from Windows Server

The WINS service is not needed in most Windows networks but may be running either for legacy reasons, or because someone enabled it in the hope that it might fix a network issue.

It is now apparently a security risk. See here and Reg article here.

Apparently Microsoft says “won’t fix” despite the service still

…continue reading How to remove the WINS server feature from Windows Server

Privacy, Google Now, Scroogled, and the connected world

2013 saw the launch of Google Now, a service which aspires to alert you to information you care about at just the right time. Rather than mechanical reminders of events 15 minutes before start time, Google Now promises to take into account location, when you are likely to have to leave to arrive where you

…continue reading Privacy, Google Now, Scroogled, and the connected world

Adobe’s security calamity: 2.9 million customer account details accessed

Adobe has reported a major security breach. According to the FAQ:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration

…continue reading Adobe’s security calamity: 2.9 million customer account details accessed

Does anti-virus work? Does Android need it? Reflections on AVG’s security suite

I’m just back from AVG’s press event in New York, where new CEO Gary Kovacs (ex Mozilla) presented the latest product suite from the company.

Security is a huge topic but I confess to being something of a sceptic when it comes to PC security products. Problems include performance impact, unnecessary tinkering with the

…continue reading Does anti-virus work? Does Android need it? Reflections on AVG’s security suite

Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet

If you could describe the perfect document security system, it might go something like this. “I’d like to share this document with X, Y, and Z, but I’d like control over whether they can modify it, I’d like to forbid them to share it with anyone else, and I’d like to be able to destroy

…continue reading Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet

Ubuntu forum hack sets same-password users at risk

Canonical has announced a comprehensive security breach of its forums.

Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one

…continue reading Ubuntu forum hack sets same-password users at risk

What is mobile security? And do we need it?

I attended Mobile World Congress in Barcelona, where (among many other things) numerous security vendors were presenting their latest mobile products. I took the opportunity to quiz them. Why do smartphone users need to worry about security software, which many users were glad to leave behind with their PC? I observed that whereas I have

…continue reading What is mobile security? And do we need it?

Another reason to use tablets: desktop anti-virus does not work

The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.

Note the following:

Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products

…continue reading Another reason to use tablets: desktop anti-virus does not work

Got a Ruby on Rails application running? Patch it NOW

A security issue has been discovered in Ruby on Rails, a popular web application framework. It is a serious one:

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a

…continue reading Got a Ruby on Rails application running? Patch it NOW