New site at the top of my favorites list

You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor — and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived version of this site on an airplane. 🙂 Stupid…


How to secure your wireless network

I’m now a contributing editor for TechNet Magazine. Everyone with a TechNet subscription automatically receives it; if you don’t have one, you can still get the magazine free. The magazine’s published three issues so far: Winter 2005, Spring 2005, and November-December 2005. You’ll especially enjoy the “Hacking” series in the first issue, where Jesper writes up his “Anatomy of a…


But I can’t test! My boss won’t let me

Yesterday I mentioned that there’s no substitute for doing your own testing of updates. I mentioned virtualization is your friend — building a model of your environment using Virtual PC and Virtual Server will save you a lot of money and it’s something you can quickly tear down and rebuild whenever you want. But what if…


When security breaks things

Now that the furor has waned, I want to comment on MS05-051. For those of you who don’t memorize bulletin numbers (I am part of that set; Susan Bradley, for example, isn’t, hehe), this is the security update that fixed a number of vulnerabilities found in MSDTC and COM+; it replaced five other updates dating back…


My music

Those of you who’ve seen me speak at various events know that I like to play my own music before the presentations begin. In industry parlance, this is called “walk-in music.” My experience, though, is that many times the music they provide is better described as “walk-in, lie down, and go night-night music”! Think about…


The Internet routes around outages — and censorship, too

Have you seen this yet? “Grokster ruling begins the good fight” If you haven’t, it’s worth your time to read — it’s a terrible shibboleth for a U.S. “national firewall.” Coursey is promoting the idea that all U.S. Internet access should pass through a firewall that will block file-sharing and gambling sites. Since most of these sites…


Some videos of me

Microsoft UK has posted videos of various European events of the past year. Various speakers are featured, including Andreas Luther, Dennis Karlinsky, Eileen Brown, Graham Calladine, Jesper Johansson, John Craddock, Justin Alderson, Kalpit Jain, Kimberly Tripp, Mark Licata, Mark Cribben, Mat Young, Paul Cullimore, Rafal Lukawiecki, Ryan Burkhardt, Sally Storey, Scott Schnoll, Steve Riley, and…


Cluelessness abounds

So yesterday I received a rather interesting email. Subject: “INFOSEC Scholarships & Fellowships for PhD or MS + Free CISSP Exam Prep Events.” Hm, I didn’t know that “information security” suddenly became an all-caps acronym. How come no one asks me first about these things? Anyway, it purports to come from the University of Fairfax,…


Lousy security

Lousy security is all around us, and I’m not even thinking about airport security here (which, I admit, i love griping about). Here I have in mind lousy computer security. And lest you think I’m proceeding to engage in naval-gazing introspection, no — I’m not going to write about our own products. Jesper already wrote up his impressions…


Jesper finally got a blog up!

Well, after several months of griping (what else is new? hehe), Jesper’s finally started a blog. And he’s got some scathing criticism of how people commonly abuse audiences with PowerPoint. Good reading! Check him out at