John Viega
John Viega is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify).
John is the author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds an MS and BA from the University of Virginia.
Recent Posts

SCADA vulnerability disclosures are unconscionable
January 20 2012
Today was a shameful day for the Internet security industry, as researchers disclosed information about numerous vulnerabilities in critical US infrastructure systems produced by five different vendors, demonstrating that they are happy to make the world a riskier place in order to market themselves.

February 16 2009
On Valentine's Day, I found myself 500 miles away from my two daughters (10 and 7). I'd already decided to get them a gift certificate from Amazon, with an e-greeting. Amazon has so much stuff, both kids could easily get...

Responsible Disclosure is Irresponsible
January 23 2009
I was pretty amused recently when two people I respect went at each other over vulnerability disclosure, quickly devolving into name-calling. It's always fun to watch a flame war (nobody got compared to Hitler, but one person did get compared...

January 12 2009
There's no doubt who the world's leading IT security expert is, Bruce Schneier. Sure, Bruce Schneier may not be a household name on the lips of every man woman and child, but he's certainly far better known than anyone else...

January 01 2009
Every CA that was potentially vulnerable to this week's problem with public key infrastructure has phased out MD5-based signatures, meaning it is now impossible to launch the attack that the researchers described. But, despite plenty of experts assuring people there's...

The sky is not falling (re: today's PKI attack)
December 30 2008
In my last post I talked about how anybody with enough money (a small 6-figure sum) could create a rogue certification authority (CA). This would allow them to generate certificates for any web site that seem to be genuine. That...

An attack on public key infrastructure
December 30 2008
About three years ago I was having breakfast with a friend of mine, who was talking about a particular appliance product that claimed to be able to transparently/silently intercept all SSL/TLS traffic, so that it could be inspected. He was...

Virtualization: host security's silver bullet?
December 26 2008
The biggest problem with host-based security has always been what happens when your protection fails. And yes, all traditional host-based protections will have the potential for failure, especially when you consider that it's generally easy to trick users into installing...

Snake oil: legitimate vendors sell it too
December 18 2008
Traditionally when security experts talk about snake oil products (i.e., security products that don't actually offer any security), they are usually only brave enough to call out products from dubious companies that make claims that are obviously false... almost always...

Why most companies shouldn't run intrusion prevention
December 04 2008
The IT security industry is filled with plenty of technologies that work, but not very well. Technologies that sell, even if they're not particularly cost effective. One of the most pervasive security technologies that doesn't work very well is the...

Is Apple OS X More Secure than Windows?
December 01 2008
OS X Security is a pretty fun topic for me, because I love watching the carnage when people fight. Before I register my opinion, I need to be clear that I've been operating almost exclusively on a Mac since OS...

November 24 2008
At 7:30 eastern this morning, one of my brothers called to tell me that he is, "being attacked by hackers. My computer has hackers on it, and over 100 viruses, spywares and password stealing Trojans, and I don't even know...

Why Microsoft's free AV won't matter
November 20 2008
Earlier this week, Microsoft announced that they're going to stop selling their consumer security product OneCare, and instead they're going to give away for free an AV product based on the same technology. I've had several people ask me questions...

Why geeks don't like to run AV
November 19 2008
When you look at the average, non-technical user, they probably should be running AV, because it is pretty unobtrusive, it does catch some things (even if it's not many), and they don't have the same sense of what the real risks are as I do. But, many technical people are…

November 17 2008
This is my first blog post on O'Reilly. I thought I would start out with some background on myself, and then give a high level overview of the kinds of things I'm going to be blogging about. When I was...
© 2012, O’Reilly Media, Inc.
