Larry Seltzer

Sorry for the broken record treatment to all my regular readers, but I think its perhaps the most important security point in real world IT: Too many vulnerable systems are left in exposed situations, even when patches have been made available. For large networks that require active management, the answer is a patch management system […]

Discuss this column in our forum. It took many years of browser development before we started fearing them. Until about version 4 of Netscape and IE the only talk of security was theoretical and usually unrealistic, such as whether Java or ActiveX were big holes when neither has turned out to be. The real holes […]

I take it as a positive trait in myself that Im constantly appalled at the gall of some people conducting scams on the Internet. It would be sad to take such things in stride. The latest cheap trick comes as an automated e-mail from a site called word-of-mouth.org. Purporting to come from the “Word-of-Mouth.Org Report […]

Thanks to Jonas Eckerman (http://www.truls.org/) for answering my request in a recent column for input rules for the Apache mod_rewrite module to make it work roughly like Microsofts UrlScan. Eckerman isnt familiar with UrlScan, but says these rules “stop a majority of worms and attacks against web servers.” These rules cause Apache to return an […]

Many years ago, I saw Timothy Berners-Lee, father of the World Wide Web, speak at a conference. His message was that URLs users could decipher were a bad ideal; Web applications should employ URLs that are deliberately complex, black boxes for which only the Web server has a key. I dont recall the specific reasoning […]

Its not uncommon in the browser-vulnerabilities business to hear about an issue that crashes the browser. Most of the time you hear about Internet Explorer—justifiably so, since its the one nearly everyone uses. Other browsers have these same problems, too. You just dont hear about them for the same reason you dont hear about the […]

The latest buzz on the worm wire is Palyh, a.k.a. Mankx, a.k.a. Sobig.B. It does very little that hasnt been done by dozens of other Windows mass-mailer worms (it also spreads to network shares, if available), but it did spread very rapidly. I received a couple copies of it myself in e-mail before the new […]

I once was technical director at a computer magazine for which sci-fi writer Orson Scott Card wrote a regular column, prompting me to read the “Enders” series of novels. (Bad column; great novels.) I was reminded this week of an event from one of these books, in which (if I recall correctly) an advanced civilization […]

Im still wondering whats so special about the Fizzer worm that set the Net on fire this past week. Reports from antivirus vendors had the new worm spreading far and wide. Its Wednesday night and the storm appears to be passing. A second payload could somehow lie undetected and ticking, but enough smart programmers with […]

For how many of you out there is running a firewall—or running IT in general—central to your business? I bet the percentage is a small one. Nevertheless, you have to do these things in order to protect and facilitate the things you really do for a living. This is why I believe in services for […]