Microsoft and double standards

Well said Joe: To be fair the stock has risen to its highest point in like 7 years . . . I’m almost afraid to talk about it for fear of scaring it away . . .


Wherever you go – there you are! (If you own a Mac with Leopard)

Also a classic line from The Adventures of Buckaroo Banzai Across the 8th Dimension and also very applicable to that fruit company’s new OS. What could *possibly* go wrong? 🙂 I imagine this will make both malicious hackers and security researchers alike look at the .Mac authentication / SSO infrastructure with renewed interest. 🙂 I have to wonder…


DD-WRT kicks ass!

Over the weekend I decided to try something cool at home.  I have a Buffalo WHR-HP-G54 wifi g-router that I got a few weeks back via Slickdeals.  It’s a great router – very strong wifi signal / range and it was cheap – like $50 or something . . . but the HTTP based management GUI…



I give you – the newest CLR language:!.html🙂  


It begins . . . (PDF spam run)

F-Secure is reporting that a PDF spam run has started that exploits the Adobe URI handler vulnerability (that is really sort of our vulnerability – where Acrobat is simply the current attack vector). Couple things: The Adobe Acrobat update has been released as of October 22nd so make sure you update Acrobat ASAP. If you can’t…


Elcomsoft password cracking – now 25x faster?

Thanks to the parallel processing power of modern GPUs: I’m surprised they didn’t jump on the Sony PS3 / Cell processor bandwagon . . . On a related note – remember – the password hash is pretty much as good as the password . . . if the bad guy has your hash –…


Getting Microsoft Updates offline . . .

So I just got done reading Larry’s article on XP SP3 over here:,1759,2204198,00.asp Near the beginning of the article he mentions something about needing an offline / disk based version of the update process for people who can’t connect to Microsoft Update each month to get up to date. I shot him an email but…


This kid’s a speed freak!

Unbelievable talent . . . all he wants to buy with his $700 prize is . . . .


Redhat fixes their 1,000th CVE

We now have several years’ worth of solid CVE / vuln data that has accrued (both for us and our competitors) and some folks like us are improving (by needing to fix fewer security vulns year over year) and others . . . not so much. 🙂