Entries Categorized as 'Industry'
Microsoft cans OneCare – to offer free AV
November 19, 2008
This news I think is really interesting. I said long ago that MSFT was going to have another attempt at anti-virus, and they would like to do it for free – it stood to reason to offer a product as they are trying to protect their users, their software, and there’s some additional revenue to [...]
Dumb bug in G1 phone
November 10, 2008
If there’s any other gadget that has got as much buzz and anticipation as the iPhone, it has to be the G1 phone with Google’s Android platform on it.
Now I thought that Apple had some interesting bugs and a lax security process, but this "bug" is just plain dumb (thanks FS con chat guys for [...]
BlueHat review
October 19, 2008
Microsoft’s internal security conference BlueHat finished on Friday. I posted earlier that I would do a write up about it, so I’ll briefly discuss the presentations I went to, and some of the other comings-and-goings of the conference. I’m told that some of the presentations will be up on TechNet later, so look out for [...]
It’s BlueHat week
October 13, 2008
This week Microsoft are holding their semi-annual internal security conference which they call BlueHat. It’s invite only for external people, and space for internal people runs out very quickly, so all-in-all it’s a good event – lots of people to talk to, and great presenters talking about current topics from both inside and outside [...]
Catching up…
August 16, 2008
What with the IR gig I’ve been on, work just being out of control at the moment, as well as the usual flurry of posts after BlackHat/DefCon, I haven’t been able to keep up with my reading, let alone posting. There’s been a lot of interesting things going on which have received plenty of coverage that [...]
Software Security $$$ Numbers
August 12, 2008
On my trip out to DC a few weeks back I stopped over to see Gary McGraw for a bit. One of the things he showed me was some numbers of security companies’ revenue and growth. I can’t say I was sworn to secrecy on this, but he did say he was going to write [...]
"Clear" Air-Travel Pass Data Stolen From SFO
August 5, 2008
Ok, maybe signing up for the clear pass (from my previous post) isn’t such a good idea
http://yro.slashdot.org/article.pl?no_d2=1&sid=08/08/05/1539231
It’s still unbelievable to me that so many places that store “sensitive” data, especially on “mobile” data like laptops, CDs, etc., aren’t encrypted. Seems like a sensible precaution and a no-brainer.
Computer security work Illegal in Texas without PI licence?
July 4, 2008
There’s been some talk about this, and no-one really knows what it means for the security industry just yet (at least not anything I’ve seen thus far), but the just-passed Texas House Bill 2833 has the following paragraph:
(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and [...]
Another feed on my RSS
June 17, 2008
Ages back I met Rich Mogull at BlackHat/DefCon and we got on really well. Turns out we have some strange shared background as he worked backstage on some of the same tours state-side that I did in Europe.
Anyway, Rich is blogging at http://securosis.com/
As an ex-Gartner security analyst he has great insight into the [...]
Quick times for web app security
June 7, 2008
Through my RSS reader I discovered the above named article the other day, so took a quick look. In some ways I wish I hadn’t, and I hope that not many other people did either.
The first few tips are pure “security by obscurity”, and you should never “sanitize” user inputs – either they pass validation [...]
