Can I get published if I say that rain is wet or snow is cold?

I saw this article earlier today. “The vast majority of all critical Microsoft vulnerabilities, some 92 per cent, could have been mitigated by removing the administrator rights of Windows users, a new report has revealed.” Strike out the numbers and the product specifics: “Most vulnerabilities can be mitigated by removing administrator rights”. Stone the crows,…


Windows 7 and UAC

From the start I thought User Account Control was a big step forward for Vista. I tended to brush off any complaints about UAC, for 3 reasons: Most of the appearances of UAC appear during the initial setup of the machine. If this is onerous, then you can re-enable the built-in Administrator account because by…


IE Security Patch

You may have seen in the news over the last few days that a vulnerability has come to light in IE, which allows a carefully crafted web page to run arbitrary code on a PC. I don’t assess the technical side of vulnerabilities - some of the things written about how serious this one was one…


Safe on-line part 2 (in praise of John Lewis)

I’ve talked about brand values and somewhere along the line I’m sure I said that I choose to shop at Waitrose instead of Tesco or Sainsbury’s. Since Waitrose is part of the John Lewis partnership I have had one of their credit cards for a while (my local Waitrose was one of the first where…


Get Safe Online ‘08

The first time I ever worked with Steve was on GSOL the first year it ran. It’s become an annual event, and I hope that no-one who regularly reads this blog needs to be told too much about on-line safety. It’s pretty simple stuff. Keep your machine patched. Use Anti-virus Software. Use a firewall. Be…


Never, ever run executables which arrive unexpectedly by mail.

I had this waiting for me on my home PC this morning. From: Microsoft [mailto:customerservice@microsoft.com] Sent: 10 October 2008 02:25 To: {My home account} Subject: Security Update for OS Microsoft Windows Dear Microsoft Customer, Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following…


A novel password policy

Setting up some demo servers recently, Steve and I tripped over Windows 2008’s default password policy: it needed to be relaxed to get to the easy password we use in demos. Steve advocates pass-phrases: "IHateChangingmyPasswordEvery30Days" is better than "o^1bKK%19#". However I read this article this morning about having a bit of trouble with their passphrase.*…


Security, Security, Security.

The story last week that someone had left a secret folder of documents on a train – which were then given to the BBC – brought back memories for me. Shortly after my wife and I had moved into our first house, she brought home a brown paper envelope she had found on a train. In…


Core! that firewall management has some tricks.

Quite a lot of the last few days has gone into preparation for the Road-Show and making sure I had all the things right for showing Windows Server Core. Core, as you probably know by now, is Server 2008 with support of only a subset of features, and most of the GUI bits removed. The…


While you were sleeping … an attack on BitLocker etc

I’m always suspicious of people talking down security vulnerabilities, but I don’t like to see them over-hyped either; so I’m going down the former path. You are allowed to be skeptical. A couple of people have mailed me this morning about this story, picked up by The Register (a couple even forwarded me the Academic…