Larry Seltzer

The reason there is spam is because there’s money in it, or at least spammers think so. The technical reason there is spam is that the SMTP protocol used to transport e-mail on the Internet is unauthenticated. A few years ago a solution to this problem was put in place, but it doesn’t seem to […]

Not many in the security community are impressed with the BBC’s cheap trick of buying a botnet and using it to demonstrate what botnets can do. I’m as disappointed with Prevx, the security vendor who cooperated with the stunt. Despite the BBC’s assertion that no laws were broken, I’m more impressed with those who cite […]

During his campaign, President Obama promised that he would “make cyber-security the top priority that it should be in the 21st century. I’ll declare our cyber-infrastructure a strategic asset, and appoint a national cyber-adviser, who will report directly to me.” About a month ago Obama appointed Melissa Hathaway, who served as the cyber-security coordinator executive […]

When you budget time this coming Patch Tuesday (March 10) don’t forget to leave some in for the following day, March 11, when Adobe will grace us with the update to the latest zero-day vulnerability in Acrobat and its Reader program. The exploits of this vulnerability don’t appear to be widespread, but you have to […]

It was the first of the mail viruses. Melissa hit the scene in March of 1999 and seemed a little like black magic. Open an e-mail attachment, from someone you know, no less, and suddenly other people you know are getting the same e-mail. Melissa required Microsoft Office, Word and Outlook in particular, using VBA […]

I’m coming to the belief that Windows 7 is basically Vista 1.5 – a notably upgraded, but not substantially different, product. But the passage of time and “work” done by Vista has freed Windows 7 from the disrepute of its predecessor. My sense of the complaints about Vista is that the two biggest ones had […]

Some software companies have learned a lesson from this decade that you don’t protect your customers by pretending that vulnerabilities don’t exist in your software. And then there’s Adobe. The story of the latest zero-day exploit of a vulnerability in their products tells a sadly familiar tale of how low a priority vulnerabilities are to […]

The one presentation from the recent Shmoocon that I want to focus on is Chris Paget’s on hacking the US Passport Card. This presentation takes an hour, but I urge you all to take some time for it. It’s not just the great hacking perspective, it’s that he gives further proof of how an initiative […]

When Microsoft went to the regular monthly patch cycle many years ago it seemed counter-intuitive to many. Turns out it’s very popular among enterprises. But it still rubs some people the wrong way, including Wolfgang Kandek, chief technology officer at security company Qualys. Kandek has been quoted in more than one publication recently arguing that […]

If you were in charge of the nation’s cyber-security what would you focus on? One really scary problem that doesn’t get enough attention is the insecurities in BGP, the router protocol of the Internet. BGP has been getting some attention as of late from Homeland Security, but it’s still way down the list of sexy […]