Larry Seltzer

Spam filtering is an exercise in trade-offs. There are many different technological approaches to the problem, and some are implemented better than others. But the different approaches also have their own inherent problems, and your tolerance of those problems is part of the equation in deciding whether the approach is a good one. One of […]

So afraid was the government of encryption that they once pursued Phil Zimmerman, author of PGP (and according to Zimmerman hes still under investigation), for releasing free encryption software. I think its important to oppose such investigations for reasons of libertarianism, but you have to wonder why the obcession with encryption when there are far […]

Theres a security show running in London right now called Infosecurity Europe 2003. As a promotional tease, the organizers of the event arranged a frightening little survey. They went to Londons Waterloo (train) Station and looked for people in business dress with briefcases and other trappings of business and asked them for their computer passwords […]

Ive been guilty of this one myself, but like so many practices that now are widely known to be unsafe, who knew at the time? The problem is SQL injection. The very short form of the description is that the attacker finds a data-driven Web site where forms are used to provide data to a […]

Microsoft recently published guideline documents for security hardening of Windows 2000, both for workstatios and servers, and Windows Server 2003. The Windows 2000 document, the Windows 2000 Security Hardening Guide, provides a baseline level of coverage to be supplemented by numerous other guidelines. The Windows 2003 document, the Windows Server 2003 Security Guide, describes the […]

Perhaps Microsofts biggest mistake with Windows 2000 was including a number of services in the default installation that were not necessary for most servers—most prominently, Internet Information Server (IIS) Version 5. Im told by insiders that even during the Win2K beta, Microsofts JDP (Joint Development Program) partners—the very large customers who are the engine of […]

Theres no product as complete—and certainly none as inexpensive—to protect a small business network as WinProxy 5 Secure Suite. Still, WinProxy has always had some notable weaknesses; Version 5 makes some improvements in those areas but doesnt fill in all the gaps. In addition to being a proxy server that lets you share an Internet […]

Sometimes I look at the Internet and I see so many different ways being used to compromise security that I wonder whether wed be better off trashing a lot of the existing infrastructure. After all, the Internet was designed to be secure from nuclear attack, not its own users. The whole idea of network security […]

There was a time when Microsofts objectives toward Java were relatively clear. Security was always a priority in the Java VM, but security issues were basically theoretical. In the past few years, though, Microsofts Java VM has stagnated under an agreement with Sun, and the only news we hear about it is when yet another […]

Ive written a lot about technology for small businesses; if theres one thing Ive learned, its that they get no respect from the industry. Security is yet another market area where no shortage of vendors serves the consumer market, where theyre tripping all over each other to get a piece of the enterprise market, but […]