Larry Seltzer

It’s not news that Adobe and their products are a major target of vulnerability research and malicious hackers. This is a trend that will only grow. If they were still doing such things, we could soon expect the Month of Adobe Bugs. The major security story of a couple weeks ago was initially reported as […]

User Access Control in Windows Vista has been such a controversial development that it’s worth re-examining periodically. Let’s restate the purpose of UAC: It is to allow the user to run the system as a standard user, not administrator, and still have relatively easy access to privileged operations when they are necessary. UAC (click here […]

Failure to find all malware in the famous WildList can cause an anti-malware product to fail VB100 certification. Sometimes this is scandalous, as when Microsoft’s OneCare failed WildList testing last year to widespread derision. But what does the WildList really prove? In fact, insiders in the anti-virus industry, especially vendors, are widely derisive of the […]

Public key encryption is so powerful and yet its impact on computing is disappointing in many ways. I think there’s a notion that it’s a very technical, complicated subject, therefore it needs to be left to very technical people. And those people can take care of themselves. Nobody has tried to bring public key infrastructure […]

Internet alert systems such as the ISC’s Internet Threat Level and Symantec’s Threatcon may have gone back to “Green,” but it’s way too early to say the Debian OpenSSL bug has played itself out. I think this is one of those problems that will be exploited for months, if not years to come. Most of […]

I don’t usually get my column ideas out of The Armed Forces Journal, but a recent article there has been getting attention in the computer security community. In it, Col. Charles W. Williamson III proposes that “…America needs a network that can project power by building an af.mil robot network [botnet] that can direct such […]

We first started hearing about the coming depletion of IPv4 addresses back in the ’90s, and many scoffed at the notion. Sure enough, the adoption of NAT ended the crisis, at least for the short term back then. But here we are in the late ’00s and we’re back in crisis. Current research indicates that […]

I’ve thought for a while now that the anti-malware business is a boring one with little news worth writing about. This impression was validated when I noticed the decrepit state of Mitre’s CME (Common Malware Enumeration) project. Mitre is the group that administers CVE (Common Vulnerabilities and Exposures), an undoubtedly useful project, CVE is a […]

I’ve always been a fan of code signing. It seems clear to me that trust is a major issue for code you bring onto your system, and digital signatures can improve trust. But it’s also clear that code signing is a messed-up process. On popular general-purpose computers it’s used widely only on Windows, and nowhere […]

Some bad ideas seem to live on forever. One of the big ones in computers is to use hacker tactics to perform white-hat operations on an Internet scale. The classic example of this is the “good worm” idea-a worm that spreads among computers to improve their security. There have been attempts to do this in […]