Updated Microsoft Security Assessment Tool

Greetings. In case you haven’t already read about it, we recently updated the Microsoft Security Assessment Tool (MSAT). Version 4.0 hit the web on 31 October. It’s been four years since the initial release, and two years since the prior version. Between then and now your security world has evolved a lot, and the tool…

Reading list from “How IT will change in the next 10 years”

At Windows Connections two weeks ago, during my keynote speech “How IT will change in the next 10 years and why you should care,” I mentioned several books worth reading. Many of you have asked for the list; here it is: The Cathedral and the Bazaar by Eric S. Raymond; The Wisdom of Crowds by…

Comments, administrivia, and the future of the “infosec professional”

Back when the spam was spiraling out of control, I configured my blog to close comments after 90 days. I’ve removed the limitation now, for two reasons: the spam is under control, and I wanted to reply to a comment made to my post on IPsec/IPv6 direct connect. On 13 August, jcorey asked about how…

Ethernet and WiFi and Bluetooth, oh my!

Customers have long requested a way to configure a computer to automatically disable its wireless NIC when its Ethernet is in use. Many third-party utilities can do this for you, but neither XP nor Vista has a built-in way to accomplish this, nor will Windows 7. Although having both NICs enabled first appears to cause…

Passgen tool from my book

Way back in 2005, Jesper Johansson and I wrote Protect Your Windows Network. It’s still available, and although its product set is now somewhat dated (Windows XP and Server 2003), much of the practical advice about security policies, social engineering, security dependencies, and how to think about security remains relevant. That’s because we strove to…

Sao Paulo, here I come

I have a new TechEd destination this year: Brazil. It’ll be my first time to speak at our event there; indeed, even my first time to travel to South America. I’m looking forward to it. The event runs during 14-16 October 2008. I’m delivering the same four presentations I gave at TechEd US (and have…

Internet Explorer security levels compared

A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE’s "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security zone templates. No wonder it’s difficult to find — the terminology is different, and the table is…

The opt-out from hell

One problem with making your email address available (which I will continue to do, don’t worry) is that folks with something to sell assume you’re interested in their stuff. To wit, let’s consider an email I received today (copied, headers and all, after my griping). Note that if I want to opt out of further…

Blamestorming

So, let’s recap the sequence of events: The Sun-Sentinel newspaper in Fort Lauderdale accidentally republishes a six-year-old news story about the bankruptcy of UAL. It wasn’t on the home page, but instead buried somewhere inside the web site. Google’s news crawler (an automated thing, remember) finds the story and incorporates it as part of its…

Who is "dodacrazy" and what is a "montize buddy"?

Check this out: http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx#3122377 Hey Steve you and your montize buddy Scott will soon have your hands full after the federal officers come down on your data scams and as for your educational acts i’m not buying it and if others are willing to trade your data for their profits guess there are fools born…
