Larry Seltzer

I don’t do a lot of reviews anymore, but I spent about 13 years in the reviews business, testing a wide variety of products. A badly-done, badly-thought out review hits me like fingernails on the blackboard. So it is with the recent Consumer Reports story on computer security and accompanying review of computer security software […]

In light of some recent vulnerability announcements, research has shown OpenID to be an untrustworthy system. This is disappointing; I really liked OpenID. But it also conforms to some suspicions I had about it from early on. OpenID is a protocol for authentication. One party, the OP (OpenID Provider)-it can be anyone, but some famous […]

There’s no doubt that Georgia is being militarily attacked by Russia. Russia is dropping actual bombs deep inside the country, and it’s not clear, at the moment, how far the attack will go. There are also reports that cyber-warfare attacks are under way, and here the picture is less clear. Jart Armin’s RBN Blog, which […]

The news is full of talk about Microsoft’s Midori, a research project to make Windows more distributable and reliable. But Microsoft has many other research projects and directions for Windows in the works. One thing that has been clear for a while about operating system design at Microsoft is that it will be changing the […]

Users spend little time thinking about Internet registries like ICANN or VeriSign because they don’t deal with them directly. Perhaps they should. VeriSign and the other companies that operate the top-level domains on the Internet are critical infrastructure. At least some of them are. What if one of them was to fail somehow? This is […]

I spend a lot of my time writing about security bugs found in products and what is done about them. In fact, there are hundreds of blogs and news outlets that spend a considerable amount of time on such bugs. The news “markets” seem to think they’re worthy of the attention. An industry has built […]

A study by researchers at the University of Michigan finds that more than 75% of bank web sites had at least one design flaw that could allow attackers to compromise users accounts or their identities. Unfortunately, the data was collected in November and December of 2006. The research was presented in a paper last week […]

Before we go anywhere else with this, if you haven’t yet patched your DNS servers against the DNS spoofing bug revealed earlier this month, you’ve made a big mistake. Drop everything, cancel your vacation and patch it now. The news and blogosphere are full of advisories, such as this one from Microsoft, warning of the […]

Perhaps too late, it’s widely recognized now that the IPv4 address pool will run out in the next few years. The current prediction, based on current data, is for the IANA to exhaust its pool on Jan. 25, 2011, and for the last block from the last RIR (Regional Internet Registry) to go on Dec. […]

The most striking fact about the San Francisco network lock out case has been the absence of details that would allow an informed outsider to say “Oh, that’s what’s going on.” We’ve been left mostly with vague accounts from spokespeople. But one thing must be true of this incident: Administrative controls in San Francisco government […]