

another one bites the dust

Or fairy gold, or whatever. Looks like Winternals is letting itself be bought by Microsoft, as reported by:

MS hires rootkit sleuth
Microsoft buys Winternals, gains Russinovich

It’s too bad that the free tools distributed by the company’s sysinternals site are almost all closed source. It’d be a crying shame if they became a casualty of that acquisition.

Posted by markus on Monday, July 24, 2006
(0) Comments | Permalink | In the news


OpenSSL certification woes

Security validation of OpenSSL encryption tool uncertain

I can understand the political issues (read: financial stakes) involved. What puzzles me is this (nitpick mode on):

The decision means that government agencies can’t purchase the open-source tool for the time being, although those that have already done so will still be allowed to use it.

To the best of my limited knowledge, OpenSSL is an open-source toolkit. How would government agencies go about purchasing such a tool?

Posted by markus on Monday, July 24, 2006
(0) Comments | Permalink | In the news | IT Security


password math

An interesting article: Password size does matter.

The obvious math quiz: For a given L, 256**L is a larger key space than 32**L. However, in practice the comparison even with forced “complex” passwords is probably closer to (92**2)*(32**(L-2)) than 256**L or even 92**L. Simple question: On average, how much longer do simple passwords have to be to fill a larger key space than the kind of “complex” passwords people can actually remember?

Posted by markus on Monday, July 24, 2006
(0) Comments | Permalink | In the news | IT Security
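The question posed in the password math post above can be worked out with exact integer arithmetic. This is an added example, not part of the original post; the model names and the choice of sample lengths are assumptions, while the alphabet sizes 32, 92 and 256 and the (92**2)*(32**(L-2)) estimate come from the post.

```python
# Added example (not from the original post): for a "complex" password of
# length L, find the shortest "simple" (32-symbol) password whose key space
# is strictly larger, under the three models the post mentions.

SIMPLE = 32      # simple alphabet size used in the post
PRINTABLE = 92   # "complex" symbol count used in the post
BYTE = 256       # every possible byte value


def realistic_complex(length):
    """Post's estimate: two characters drawn from 92 symbols, the rest from 32."""
    if length < 2:
        raise ValueError("this model needs at least two characters")
    return PRINTABLE ** 2 * SIMPLE ** (length - 2)


def min_simple_length(target):
    """Smallest n such that SIMPLE**n > target, using exact integers."""
    n, space = 0, 1
    while space <= target:
        space *= SIMPLE
        n += 1
    return n


# Model names are hypothetical labels chosen for this example.
MODELS = {
    "realistic": realistic_complex,
    "all_92": lambda length: PRINTABLE ** length,
    "all_256": lambda length: BYTE ** length,
}


def compare(length):
    """Map each model to the simple-password length that beats it."""
    return {name: min_simple_length(model(length)) for name, model in MODELS.items()}


if __name__ == "__main__":
    for length in (6, 8, 10, 12):
        row = compare(length)
        print(f"L={length:2d}: " + ", ".join(
            f"{name} -> {n} (+{n - length})" for name, n in row.items()))
```

Under the post's realistic estimate the answer is a single extra character at every length, because 92**2 lies between 32**2 and 32**3.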


The Xen of Virtualization

Looks like XEN is getting a lot of media attention these days, with the deal with Microsoft and all. Here’s another article: Climb Aboard the Xen Train.

I’m not sure what the deal with Microsoft will do to XEN, but my gut feeling is to be wary of anything touched by Microsoft. While they clearly target VMware (an enemy of my enemy is my friend, and the cancer of open source be damned), I don’t know how this will play out with XEN itself. On the other hand, it wouldn’t hurt to take XEN through more paces and the list of guests and hosts seems to be on the rise. I just wish somebody would port OpenBSD as a guest.

Posted by markus on Monday, July 24, 2006
(0) Comments | Permalink | Emulation | In the news | VMware


And the other shoe drops…

Seems like Microsoft is feeling some heat from VMware, because in addition to releasing Virtual Server as a free of charge download, they’ve now followed suit with Virtual PC 2004 and eventually Virtual PC 2007.

Posted by markus on Thursday, July 13, 2006
(0) Comments | Permalink | Emulation | In the news | Retrocomputing


IE in a sandbox

As reported elsewhere, a new product has been released that tries to ride the wave of IE security flaws: GreenBorder Pro.

According to the overview page found on GreenBorder’s site, their product runs IE on top of a (patented) virtualization layer, which is supposed to isolate IE from the base OS and also sports a “reset to pristine state” feature. I am a bit bemused by this; it’s been years since I actively used IE - other than for the infamous Windows Update and occasionally testing if a website is rendered correctly in that browser. Simply put, I personally have no need for a commercial product to sandbox a perpetual security headache that I don’t use in the first place.

While it may be beyond the skill and comfort level of many users, I much prefer to grab a copy of the free VMware player and run the pre-built browser appliance on it. If you use virtualization at all, why not go whole hog?

By the way, I do wonder how this virtualization sits with Microsoft’s licensing department. Will they want you to get an additional retail license for Windows or will they let this narrow use slide?

Posted by markus on Tuesday, July 04, 2006
(0) Comments | Permalink | In the news | IT Security | VMware


Hacking the XBox

The xbox-linux project published an article detailing the Xbox’s security architecture and how it was repeatedly compromised.

17 Mistakes Microsoft Made in the Xbox Security System

It’s an interesting read. I have never taken an interest in game consoles in the first place, but their use as a cheap, quiet, and cool set-top server is increasingly appealing to me. Clearly, the PS2 was always open to running Linux, which makes me wonder if the hardware was similarly subsidized (I suppose so). If the article has it right, Sony managed to both open the PS2 a lot wider where it didn’t bother them, while locking it down a lot better where it did.

Posted by markus on Tuesday, July 04, 2006
(0) Comments | Permalink | In the news | IT Security
