OSX vs. Vista security

XP + Vista vulns vs. OSX vulns for 2007. http://blogs.zdnet.com/security/?p=758 We had a good year – Apple – not so much. 🙂  


Notable changes in Vista SP1

http://technet2.microsoft.com/WindowsVista/en/library/b984ce70-701b-4565-868e-51d1ba47555d1033.mspx?mfr=true Looks like we’ve made SP1 RC1 available to the public to download . . . Vista is a bit of a mixed bag for me as of late (but then again – I suffer so you don’t have to – I’ve been running SP1 for months now).  The performance of SP1 as compared to…


Pwning Second Life users via QuickTime

Walk by a malicious object in Second Life – get 0wn3d: http://www.securityevaluators.com/sl/ Fascinating. 🙂


Fly with the Blue Angels?

Get pwn3d: http://alt.coxnewsweb.com/ajc/swf/blueangels/blueangels.swf Make sure you watch all the videos that are hyperlinked on the left. All I can say is “priceless”. 🙂


CNet 3 part series on Securing Microsoft (complete list of articles)

Here are the URL’s for the 3 part series on ‘Securing Microsoft’ which is a pretty good behind the scenes look at the organization I work in. Day 1: http://www.news.com/At-software-giant%2C-pain-gives-rise-to-progress/2009-7349_3-6220566.html Day 2: http://www.news.com/Inviting-the-hackers-inside/2009-7349_3-6221138.html Day 3: http://www.news.com/The-next-generation-of-security-threats/2009-7349_3-6221150.html Now to be fair – I don’t think I said exactly this “That’s one thing I want you to…


Patches . . .

Story time.  So a couple years ago, because I have horses, someone sent me a video of a couple good ole’ boys and their horse named “Patches” (you can watch the “Patches the horse” video here.).  If you don’t have time to watch the video – Patches was a very special horse that would ride around…


How your CxO will get owned next year . . .

In a recent blog I explained how your Mom was going to get owned next year – now it’s time to dish on your CxO . . . http://www.vnunet.com/vnunet/news/2204871/mi5-warns-chinese-hack-attacks http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9050538&taxonomyId=17&intsrc=kc_top I believe most of these attacks are e-mail based (either very convincing ‘click on this link’ type emails or emails with attachments) . . ….


The Firefox security myth . . . busted.

Much like the Apple security myth and the Oracle security myth – the numbers just aren’t there to support it as our very own Mythbuster – Jeff Jones explains in the blog on the topic. “Over the past 3 years, supported versions of Internet Explorer have experienced fewer vulnerabilities and fewer High severity vulnerabilities than…


CNet 3-part series on securing Microsoft.

Ina Fried is doing a write-up on my organization and so far part 1 was pretty good!http://www.news.com/At-software-giant%2C-pain-gives-rise-to-progress/2009-7349_3-6220566.html?tag=st.num She mentions the DTF competition this year which myself and a friend of mine in the MSRC won . . . it was hosted in the war rooms discussed elsewhere in the article.Man it’s interesting to go back…


How your mom will get owned next year . . .

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049269&intsrc=news_ts_head Hopefully she’s running Vista with UAC turned on so that IE runs at low IL, on a machine that supports hardware DEP, as a standard user. 🙂