Larry Seltzer

Everyone knows by now that when you delete data on a computer, it’s not necessarily completely gone. The importance of this fact, and the need to be able to delete data with absolute certainty, has increased in recent years. Imagine that you are upgrading, or taking out of service, a server that has had confidential […]

A lot of people at Microsoft must have been alternately angry and embarrassed last week at the details of MS08-052. This series of vulnerabilities in GDI+, the graphics core of Windows, had a decidedly retro look to it, as if it belonged to an advisory back in 2002, not 2008. The advisory describes five vulnerabilities […]

Everyone, even Microsoft, is openly talking about Windows 7. I think that there will be a 32-bit edition of Windows 7, but I also think it may be the last such version of Windows, And I wouldn’t be surprised if Microsoft takes steps in it to encourage adoption of 64-bit Windows, moving us further on […]

McAfee has made no secret of its Artemis project. It’s been in beta most of this year. Now the company is talking it up to the Wall Street Journal, making it sound like it’s closer to product form. Click here for a pretentious press release on the technology. The idea behind Artemis, as the WSJ […]

Everyone’s talking about Chrome, Google’s new Web browser that endeavors to be more than a web browser. It’s an exciting program in many ways, but none more so than in what they are attempting to do with browser security. I won’t go into everything security-related in the program. For instance, the Incognito mode and blacklists […]

The rumors were right: Internet Explorer 8 will have new privacy features akin to those in Apple Safari. What role should they play in the enterprise? InPrivate Browsing (“Private Browsing” was already taken by Apple) lets the user control whether or not IE saves potentially privacy-related data, including cookies (all cookies become session cookies), history […]

People make much of technical matters in security, but the most important force behind malware is social engineering, not some vulnerability or bad design. The current hot malware is a textbook case of social engineering and an aggressive marketing campaign. You must have seen them by now: ads for “Antivirus XP 2008” or some variant […]

In perhaps the most appalling breach of security at a major operating system vendor, Red Hat has revealed that a compromise of its internal systems included the digital signing keys for its distributions. An Aug. 22 advisory from Red Hat announces new OpenSSH packages to deal with the problem: “In connection with the incident, the […]

Browsers And Unsigned Certificates by Larry Seltzer Read Larry Seltzer’s article on The Untrustworthiness of Self-Signed Certificates. Browsers And Unsigned Certificates – Suspicious of SSL Making the Web “safe by default,” browsers are suspicious of SSL Web sites (those with a https:// prefix) that use certificates not signed by a trusted authority – VeriSign, GlobalSign, […]

User interface changes in some newer browsers have gotten some in the security community riled up. The issue is self-signed certificates. Some folks don’t like users being told that their roll-your-own certificates aren’t as good as the non-free ones. But the fact is that they aren’t as good, especially when the overall population of users […]