More security theater, in the air

Recently I was on yet another flight, trying to get some e-mail done. This time, however, I was answering e-mail offline on my SmartPhone. Of course, the phone was in flight mode so the radio was off. I wouldn’t want to “interfere with the aircrafts navigation and communication systems.” Needless to say, this was not…


More on Using ISA to Block WMF Attacks

Jim Harrison has created a very cool script to do much better blocking of the WMF exploit in ISA server. The script is nice because it sets up a policy that actually parses the request body and blocks WMF files that are renamed to something else by using ISA’s ability to look really deep into the…


Ready! Set! Go…patch your stuff!!!

OK, you have probably seen it, but the official update for the WMF vulnerability was just posted! The bulletin is titled MS06-001. The updates are on Windows Update, as well as on the download center. Links to the Download Center updates are in the bulletin. Go patch your stuff!


Conscientious Risk Management and WMF

This past week there have been a lot of questions about the WMF vulnerability, what Microsoft is doing, and what the community should do to protect against it. For many reasons, Microsoft’s response to the problem is best left to those who do this for a living. However, there is a lot of interest in…