Larry Seltzer

Just about a month ago, in early November, the news came out that the first cracks were appearing in WPA, or Wi-Fi Protected Access, a very popular wireless security standard. The compromise that was accomplished by some researchers was not a real killer, but the affected version of WPA (and the associated encryption process, TKIP, […]

DNS experts have known for a long time that the system is another of those old designed back in an era when we didn’t think too hard about security, if we thought about it at all. Like most of those protocols. DNS is too embedded in existing computers and software to displace easily, and proposed […]

Enterprises aren’t completely safe these days from a computing standpoint, but they are a lot safer than they used to be. I feel safe saying that if you’re willing to put money into the right products and into the right policies and people to enforce them, you can have an extremely secure network. Enterprises aren’t […]

The playing field for drive-by exploits through Web browsers appears to be evening these days, thanks to the rise of exploits through third-party controls. The chances of Firefox users being exploited are a lot better than they used to be. This is especially true on Windows Vista. The latest Microsoft Security Intelligence Report states, and […]

Computer product testing, sadly, has been as much art as science over the years. It’s not just that the products are so complicated as to defy simple, straightforward analysis, but also there are no general agreements on how products should be tested. Now that may be changing with respect to the testing of anti-malware products. […]

The pressure is on President-elect Obama to make cyber-security a priority issue. What can the government, let alone the president, do about this? Obama has said, “As president, I’ll make cyber-security the top priority that it should be in the 21st century. I’ll declare our cyber-infrastructure a strategic asset, and appoint a national cyber-adviser, who […]

What do we do about malware? The long-term solution, at least for managed networks such as enterprises, may be whitelisting. But in the meantime, we’re still drowning in new variants every day. In the 2009 generation of its products, Symantec is trying a new approach: file reputation. It’s a little early to tell if it […]

It’s ironic, as Wired says, that the U.S. military finds its networks under constant attack through the Internet. The U.S. military was instrumental in creating the Internet, and many of the key mistakes were made back then. Now the Air Force Research Laboratory has announced its “Integrated Cyber Defense” program, an attempt to fix the […]

The reports of Microsoft’s “out of band” patch last week of a critical vulnerability in Windows all took note of how unusual it was. Out-of-band updates are unusual-the last one was MS07-017 on April 3, 2007-because Microsoft has gotten on top of the vulnerability problem better than anyone. In fact, I’d say the game is […]

Internet users have enough trouble with criminals attacking them and governments seemingly doing nothing to stop it. The last thing they need is for governments to be attacking them as well, but it happens a lot. There’s no shortage of do-gooders struggling to protect the people’s rights on the Internet. The latest entry may be […]