August article: 802.1X on wired networks considered harmful

Several months ago I learned from Svyatoslav Pidgorny, Microsoft MVP for security, about a problem in 802.1X that makes it essentially useless for protecting wired networks from rogue machines. Initially I was a bit skeptical, but the attack he described is in fact true — I’ve seen it myself now. So I’ve been explaining the attack at conferences…

15

Tools in the proposed consumer security book

Oh, I forgot to mention that we’re planning some tools for the consumer book, too. The first will help you set yourself up as a least-privileged user. It would detect how you’re running now, create an account for managing the system and running games and older application, and then change the privileges of all other…

1

Idea for second book — "Stay safe online: computer security at home"

Jesper and I are planning a second book. We’ve noticed a distinct dearth of useful, actionable, and non-scare-mongering computer security resources for home users. A few of the books we’ve seen are hopelessly bad, really. Either they rapidly forget their audience and get way too technical, or they indulge in religous arguments, bashing Microsoft for…

15

Updated TechEd worldwide — new China dates

The dates for TechEd China have changed (venue issues), and I’ve added another city. Here’s the updated list: Europe, in Amsterdam (4-8 July)Japan, in Yokohama (2-5 August)Asia, in Singapore (24-26 August)New Zealand, in Auckland (28-31 August)Australia, in Gold Coast (31 August – 2 September)China, in Shanghai (19-20 September)China, in Beijing (23-25 September)Taiwan, in Taipei (27-29 September)Hong…

3

Airport security silliness

So today (Thursday 21 July 2005) I flew from Seattle to Dallas for a customer meeting. Since it’s a short one-day affair, I packed my small carry-on size suitcase. In it was a pair of shoes, one pants, one shorts, two shirts, a toiletry bag, and my collection of wall warts (AC adpaters). Seems normal, so…

5

Trustworthy Administrators

The article is posted in the security management column section on TechNet and is the Viewpoint article in the July security newsletter. Check it out, and please tell me what you think. It’s been generating some opinions 🙂 Do you trust your administrators? That seemingly innocent question creates a serious dilemma in the minds of…

5

Securing Terminal Services over the Internet

In my presentation on remote access at TechEd, I gave three scenarios: web-based access to internal resources, published with ISA Server “desktop over the Internet” using Terminal Services and the remote desktop web connection full IP-based virtual private networks with L2TP+IPsec In the discussion on TS over the Internet, I failed to mention a very…

2

Bug in the book: Appendix C, hosts file

Somehow this escaped our notice during the proof phase, but the hosts file that’s printed in the book (and burned on the CD-ROM) is completely bogus. It actually blocks a number of very good sites that have anti-spyware software and even blocks MVPS.org, the place where you can get a real spyware/adware blocking hosts file….


Article in the works: trusting your administrators

At TechEd US this year Jesper and I noted a new worry many of you were having: trusting your administrators. Or, more accurately it seems, an inability to trust your administrators. This is troubling, since these are the people who have unfettered access to pretty much everything in your network. Seems that it’s time for…

6

TechEd 2005 Worldwide

As usual, I’m speaking at several TechEds around the world. Here’s the list: Europe, in Amsterdam (4-8 July)Japan, in Yokohama (2-5 August)Asia, in Singapore (24-26 August)New Zealand, in Auckland (28-31 August)Australia, in Gold Coast (31 August – 2 September)China, in Shanghai (15-17 September)China, in Beijing (19-21 September)Taiwan, in Taipei (27-29 September)Hong Kong (3-6 October)South Africa,…

4