Dino secretly wants Apple to release 64bit Vista

Interesting article from Dino: http://blogs.zdnet.com/security/?p=1325 Vista x64 has like . . . 4.5 out of 5 of things he wants.  Love the comment in there about making the heap non-executable. 🙂  

Today’s FOGA goes to Google for (implicitly) admitting they have a problem (via stopbadware.org)

Man – not sure why this didn’t grab the media’s attention until today: http://www.pcworld.com/businesscenter/article/147503/group_says_google_a_top_source_of_badware.html March was apparently a bad month for the Google properties: http://blogs.stopbadware.org/articles/2008/04/05/infections-stats-for-march-2008 (wasn’t this also around the time the bad guys figured out they could XSS various high profile web sites that were accepting tainted search result data from Google without sanitizing it?) Google’s response:…

SQL injection is teh suck . . .

So do something about it: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx We give you 3 different ways to combat SQL injection on our platform above including an update to one of my all time favorite tools – URLScan! Here’s a blog post from a senior IIS dev-dude (Wade Hilmo) on the new URLScan and some of the new features: http://blogs.iis.net/wadeh/archive/2008/06/24/urlscan-v3-0-beta-release.aspx

Security ‘silly season’ has officially begun . . .

In Formula 1, silly season usually begins near the middle to end of the F1 calendar (although it seems to start earlier each year) as many drivers and teams start the intricate backroom negotiations of who will drive what next season or even sometimes 2 or 3 seasons from now and the mass media try…

MMPC team blog / FF 3.0 download record?

The Microsoft Malware Protection Center team (i.e. the AV folks) have a new blog URL: http://blogs.technet.com/mmpc/ Hopefully these folks will be blogging more about new and exciting malware like they’ve done just recently. This month – they talk about the June MSRT release nuking a variety of online game password stealers hailing from China among other places.  What…

Microsoft Blogs and Web Resources about Security

This guy has spent an insane amount of time collecting and organizing useful security links . . . but he doesn’t just throw them in a blog in random order – he’s got a graphical legend and mad organizational skillz.  Although I must question some of his so called ‘security expert blogs’ . .  anyhoo…

More FireFox 3.0 entertainment (Fail Open Goat Award)

It’s nice to see that the security researchers are taking notice of FireFox’s increased share of the market and responding appropriately: http://blogs.zdnet.com/security/?p=1288 This is interesting on many levels . . . here we have a free, open source browser and I’m just guessing that this un-named researcher found this vuln ages ago and deliberately held…

USA Today writes an article about FF 3.0 – hilarity ensues . . .

http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm  Boy why bother with facts when it’s so easy to make stuff up and to throw out randomly generated numbers like these: “Organized cybercrime gangs are more highly focused than ever on taking control of your computer through browser-based hacks. They’ve already turned some 40% of the world’s 800 million Internet-connected PCs into obedient…

Our comically un-creative product naming continues . . .

“Windows Embedded NavReady 2009”!?!  Really people?  I think we totally missed an opportunity to add a few more words to describe this fascinating new OS variant thereby ensuring that it will in no way easily fit on any product stickers and will have to scroll horizontally across the screen in the help->about menu on the…

Windows SteadyState – Or "How to surf the web without fear using Windows XP"

So I was chatting with a Microsoft friend of mine today.  He’s a Firephox fanboi.  He’s always trying to convert me.  He was talking to me about FF 3.0’s pending release and talking about how amazingly fast it is on his XP SP3 rig.  So I started admonishing him for running such an archaic OS…
