Larry Seltzer

One of the mailing lists I read carefully is SecurityFocuss excellent Focus-MS list. In the aftermath of Microsofts disclosure in July of the infamous RPC/DCOM vulnerability and its patch release (known in MS security jargon as MS03-026), an interesting discussion arose on Focus-MS about Microsofts efforts to publicize the disclosure and patch. A reader said […]

The case of James “Whitey” Bulger should have been a lesson to the FBI, or perhaps to us all. Now high on the governments Ten Most Wanted list, Bulger used to be a secret buddy of the G, helping them to prosecute the Italian mafia while protecting his own ongoing criminal activities. The FBI allegedly […]

Many years ago, Tim Berners-Lee, father of the World Wide Web, spoke at a conference. His message was that URLs that users could decipher were a bad idea. Web applications should employ URLs that are deliberately complex—black boxes for which only the Web server has a key. That way, programmers could ensure and control the […]

While writing my column earlier this week I got mad at the organizers of this weeks Black Hat conference in Las Vegas.. After all, why try to train people to write the worst, most invasive and difficult to defend against attack software? Their main argument is that security professionals need to understand attacks, even the […]

Every week I write about evil people and the evil software they write. But nothing scares me like rootkits. Ever hear of a rootkit? Its a surreptitious program–not necessarily malicious (but if not, then whats the point?)–that goes to great lengths to conceal its presence on your system. A rootkit intercepts file system and other […]

Security fundamentally requires trust. You cant function without trusting some other users and some programs. On the other hand, you cant completely trust everything, and that includes normally trustworthy software, such as Symantecs Norton AntiVirus. A couple of months ago I began receiving virus notifications about a file that had been on my hard disk […]

In the past, Ive written about the advantages of implementing antivirus protection at the ISP level. Heres the short course on advantages of this approach in the consumer market when compared to the current approach of running antivirus software on end-user desktops: The ISP can make sure all its customers are protected from the outside […]

We all know about e-mail worms: youre infected and then copies are sent to everyone in your address book as well as to any other e-mail addresses the worm can find on your system. On the other hand, there are customer service scams, most of them seemingly from PayPal. These scams try to sucker you […]

Wired Equivalent Privacy, better known as WEP, has been one of the security industrys laughingstocks for years. However, a fix is in the works—again. Still, this time, the results look promising. While the WEP encryption standard is installed in zillions of Wi-Fi devices out on the market, its been common knowledge that cracking keys and […]

Its common that the sticker price on a product or service isnt the complete story. I just bought a minivan, and when it was all over, I had spent a few thousand more than I had anticipated. It was all stuff that I decided I wanted and, the price is fair—but the numbers can add […]