Microsoft Windows Root Certificate Security Issues
I don’t know how much of a problem this is in practice, but be glad if you can run Linux instead.
Posted by markus on Wednesday, July 25, 2007
MIT Project aims human buffer overflow at Secret Service
Apparently the Secret Service takes an interest in people who value their privacy and inquire about the yellow-dotted “serial numbers” some or all color printers emit as a way to identify counterfeiters.
It’s a thought to sign up as many people as you can to send their own inquiries to the printer manufacturers. On the other hand, does anybody know if a (carefully selected) pattern of yellow dots wouldn’t solve the privacy problem with less exposure?
Posted by markus on Saturday, July 21, 2007
Release Notes for Windows Media Player 11 Beta 2 for Windows XP
Backing up and restoring licenses
Windows Media Player 11 does not permit you to back up your media usage rights (previously known as licenses). However, depending upon where your protected files came from, you might be able to restore your rights over the Internet.
Enough said.
Posted by markus on Thursday, October 05, 2006
The Register reports that the (Bombe) that broke Enigma code is rebuilt, the culmination of a ten-year project.
Too bad I don’t live in the U.K. anymore, I wouldn’t mind taking a gander.
Posted by markus on Monday, September 11, 2006
The short version is that cdrecord tools is apparently comprised of source files and a build environment sporting a mix of licenses, the specific combination thereof the Debian team deemed as unacceptable, because in their opinion it would prevent them from distributing binaries for the cdrecord package.
There’s an amusing thread on /. about whose interpretation of the license is right or wrong - among other topics. Most posters miss the point entirely, though. It doesn’t matter whose interpretation of the legal situation is correct - the only issue that matters is whether or not the author of cdrecord can convince the relevant people at Debian that they can legally distribute his software; failing that, they had no choice but to remedy the problem, which in this case led to the creation of a fork from the last unencumbered version.
Interestingly enough, Fedora reached a similar conclusion.
There’s precedent for this pattern; other “characters” have been deemed too difficult to work with, to the point where it’s less painful to rewrite or fork their code. It will happen again.
I haven’t done a lot of gaming in recent years, but I do peruse the shelves of game purveyors once in a while. I’ve noticed that in the last few years, console games are crowding out PC games. According to Id’s Kevin Cloud, it’s piracy whodunnit.
Without a doubt, piracy results in lost revenue, although credible analysis is hard to come by and piracy as the default culprit for lagging sales is getting old. The people commenting on the story make a number of valid points. PC games have increased in price, while not offering much in return other than eye candy. The PC is a fragmented platform, which drives up development cost at a time when game publishers are squeezed to develop on the cheap. Intrusive copy protection and in-game product placement are not likely to boost sales. And so on…
I myself am somewhat of a curmudgeon when it comes to games. I never cared for the types of games I associate with consoles and that well is poisoned beyond recall; on top of that, I’m not willing to spend money on (more or less) single purpose hardware, when I have plenty of perfectly good general purpose PCs around. I haven’t had all that much free time to play games in recent years, but I would make the time if there were games that I could get into. The Sims and other god games are fun, right up until the point when the inevitable micro-management spoils it. FPS and real-time strategy games don’t much interest me and decent adventure games are few and far in between. So what’s a gamer to do…
Posted by markus on Monday, August 14, 2006
Old hard drives yield dark secrets
It’s hardly surprising that old hard drives contain all kinds of juicy information. I’ve said for years that old disks acquired through eBay or the like are ideal for forensics target practice. Having said that, it nevertheless amazes me that free and readily available tools like Darik’s Boot and Nuke aren’t in universal use.
Posted by markus on Monday, August 14, 2006
Another article on WGA: Microsoft to Tighten the Genuine Advantage Screws.
This paragraph in particular caught my attention:
One element of Microsoft’s OEM-focused Genuine Advantage strategy could be increasing the number of copies of Microsoft Office that are preloaded on new PCs. Under an internal Microsoft program known as the Unlicensed PC Initiative, the company is working to reduce piracy by curbing the number of new PCs sold without Windows – and, increasingly, Office—preloaded on them.
In addition to some other comments that come to my mind, I can’t help wondering if the profits from an increasing number of preloaded copies don’t already make up for the alleged losses due to piracy…
Posted by markus on Thursday, August 10, 2006
For once, people seem to fuss about the wrong issue…
So Microsoft tries to do something about kernel rootkits. Criticism abounds and reasoned comment is hard to find, not that the source of the latter is particularly friendly towards Microsoft.
In a nutshell, it’s perfectly okay to flame Microsoft for not hardening their kernel in the first place. If the fix doesn’t close all the known holes, then there’s another obvious problem. Clearly, purveyors of third-party security products have a vested interest in being able to install their wares, but if they already complain about a partial fix, what would they say about a fix that left both them and the malware writers high and dry? Looks like they are between a rock and a hard place, doesn’t it?
Update: More media coverage: Windows defense handcuffs good guys
I still don’t know that the security vendors have a legitimate grievance. However, there is the problem with Microsoft entering the security market. A partial fix that appears designed to deal a major setback to competitors, while leaving the door wide open for the bad guys deserves a few raised eyebrows.
Posted by markus on Monday, August 07, 2006
A recent announcement of a new Nessus 3 plugin (Nessus 3 Agent-less Compliance checks) reminded me of this particular open source vs. closed source can of worms.
To state the obvious, it’s up to the copyright holder to choose the license under which their product ships. It is also obvious that closing the source on a previously open-source project is certain to antagonize a subset of users and perhaps a sizeable one at that. Tenable spun their decision one way, the people that kicked off the OpenVAS fork have a different view. I haven’t kept tabs on either Tenable or OpenVAS; perhaps they’re both doing well, perhaps not.
Speaking for myself, Nessus 3 as closed source doesn’t work for me for philosophical and pragmatical reasons. It seems increasingly geared towards a clientele that is shopping for an off-the-shelf product and while I don’t know how much the open-source user community contributed back to the project, there is less incentive to contribute to a commercial project.
Posted by markus on Monday, August 07, 2006
New and not so new attack targets, a current crop reported by HNS:
Javascript Attacks on Steroids
Attackers pass on OS, aim for drivers and apps
Red flag raised over NAC security
Even offline computers can be hacked, researchers say
Blackjacking and RFID passport exploits star at DEF CON
Ransomware getting harder to break
This is a worrying trend, but I’m surprised to learn that there’s any ransomware susceptible to decryption in the first place.
Posted by markus on Monday, July 31, 2006
IP as in intellectual property, that is.
IP Encryption Expected To Restore Trust With Consumers
I don’t know about you, but for me it’s a very simple call. Either I can exercise the right of fair use without impediment or I can’t. “IP encryption” appears to be a newfangled euphemism for DRM and I’m still waiting for a coherent explanation of the benefits of DRM to me as a consumer.
Posted by markus on Monday, July 31, 2006
I suppose this is another relationship with Microsoft gone sour:
Symantec continues Vista bug hunt
With Microsoft entering the security product arena, small wonder that Symantec starts to treat them as the direct competitor they now are. What’s amusing about this story is that Microsoft’s strategy of announcing vaporware products way, way in advance to sow FUD about competitors is applied to them - preemptive FUD about a major selling point of the upcoming product.
Posted by markus on Tuesday, July 25, 2006
Security Pros Wrestle With Data Overload
Having spent some time co-developing a SIM, I feel that pain. Worse, I have an urgent need to do more of the same. I’m pretty much willing to commit to writing another custom SIM to address my specific needs.
Posted by markus on Monday, July 24, 2006