Larry Seltzer

People like me, who write about security, are flooded with reports on the state of malware. Theyre often valuable enough and say interesting things, but on certain points they are invariably, and infuriatingly, vague. Symantecs blog May 9 on bots in corporate networks illustrates this point with a sort of innuendo. You might be surprised […]

When a company gets as big and important as Microsoft, everyone has legitimate gripes against it. To some degree its like dealing with the phone company; theyre big and impenetrable and, unless you seek a path off of the mainstream, you have to deal with them. Deb Shinder (a Microsoft MVP, at least for now) […]

It seems that everyone involved in online commerce and other online businesses that require authenticating the consumer are making money in spite of fraud, phishing and the like, but it would certainly be better if they could do it with less fraud. This is why I was excited by the announcement by VeriSign and Innovative […]

Ive said it before and Ill say it again: You just cant do enough testing of software systems. And as complexity of software systems rises, more testing is necessary. Do you think, for example, that a Boeing 747 is a complicated piece of machinery? I suspect it pales in comparison to Windows Vista for complexity. […]

They were heady days back in 2004 when the industry tried to reach consensus on a standard for SMTP authentication. The MARID (MTA Authentication Records In DNS) standards effort went down, partly in the flames of a political fight over patents with Microsoft, but the larger truth of the matter was that changes to heavily […]

Malware evolves. Like real software markets, if the opportunity declines then the purveyors will go elsewhere. Its well known, for example, that there are very few actual viruses anymore. And it looks like adware is headed in the same direction. Roger Thompson noted it in his blog. After making several other interesting observations about developments […]

A couple years ago I wrote an April Fools news story about how the Internet was going to be taken down over the weekend for maintenance. Wouldnt it be nice if things like this were possible? Of course it was just a joke, and thats how we should treat the notion of building a new […]

Business is business, but some things are dishonest, and dishonest usually gets away scot-free on the Internet. You can learn a lot about what legitimate looking sites are capable of, and what ordinary users are willing to do when asked, from the example of Tagged. Tagged is one in a flood of new social networking […]

Shortly before the revelation of the .ANI bug and the inevitable development of attack sites that it engendered, a prescient discussion was beginning about better ways to bring these sites down. Veteran botnet hunter Gadi Evron took his concerns public after a private discussion on the reg-ops (Registrar Operations) mailing list. The message stated that […]

There are many reasons to be disappointed in Microsoft over the .ANI vulnerability that is the talk of the security community the last few days. The analysis of the bug and its history speak badly of Microsoft’s efforts in many ways: The company’s patching practices came up short, its security protection technologies came up short, […]