Larry Seltzer

When the great Windows worms of the early part of this decade hit, they cut a huge swath through the Windows world. Slammer, probably the most fascinating of them, did so within minutes of its release. Blaster may have been the most damaging. And all of them were patched some time before attacks were launched, […]

Companies will pull the most outrageous crap imaginable when responding to legal requests. It may be hard to prove they lied, but they will obstruct. Consider Google in a recent case. The case was a suit between Sprint Nextel and some of its affiliates over the Sprint-Clearwire WiMax venture. Google was one of the investors […]

I’ve been bombarded with pitches and inquiries about whitelisting ever since I discussed the issue with Microsoft’s Mark Russinovich. Russinovich, you will remember, thinks that current approaches to security are unsustainable and that the way out, the paradigm shift that takes the advantage back to IT from malicious actors, is whitelisting. I was sympathetic, but […]

Today’s Patch Tuesday bulletins announced 11 vulnerabilities: four critical, six important, and one moderate. What do these terms mean? You see severity ratings most of the time you see a vulnerability disclosure, but there are no hard standards for severity ratings. In fact some vendors-most infamously Apple-don’t provide any severity ratings for their vulnerabilities. Not […]

The imperative to use SSL, for web authentication and encryption or VPNs, is reasonably universal. Competition has driven prices of certificates down over the years to the point where you can get conventional SSL certificates from reputable vendors for well under $100 per year. Another product gaining popularity due to competition is the wildcard certificate. […]

One of the great, classic articles of computer security comes from Microsoft in an era when security was not their strong suit. The article “10 Immutable Laws of Security” by Scott Culp relates rules which ring as true today as they did in 2000 when the article was written-or do they? Now Jesper M. Johansson, […]

I’m surprised it took this long: Hackers have released the specs and tools to clone and modify the RFID chips in U.S. passports. Two years ago when the plan to issue them was first widely discussed, I asked what purpose they served and pointed out obvious problems with them. As far as I can tell, […]

With the regulatory compliance imperative beating down on companies everywhere, I get a lot of pitches for products with the broad goal of protecting data from unauthorized access. There are many different approaches to this in the industry, and some of them are harder to implement than others. My impression, and there’s some common sense […]

It has been weeks since Comcast announced that it would be moving its “capacity management” from a protocol-oriented scheme to one based on aggregate use of bandwidth. The protocol/application approach was found by the FCC to violate rules of network neutrality. Comcast is appealing the ruling just to protect their rights and I think they […]

Windows IT people everywhere owe thanks to Dr. Mark Russinovich, now a technical fellow at Microsoft and his less-famous partner Bryce Cogswell. Russinovich is famous both as an author, making the technical details of Windows accessible to the rest of us who dare to think we are technical, and as a programmer, writing utilities that […]