Some of my favorite external RSS feeds for The UltraTech Zone.
These are some of the feeds I read on a regular basis covering Technology, Information Security, IT Management, Career Development and World News Headlines.
All Tags » Security Pontification (RSS)
-
The final installment in my series called "Security is About Passwords and Credit Cards" is now up on TechNet Magazine. This part of the series discusses updating technologies, including how not to abuse them, messaging about security, and the checkbox syndrome. It ends with the final comments Read More...
-
The second part of my "Security is About Passwords and Credit Cards" article just hit the web. This installment looks at logon processes, misleading security eye candy, and insecure communications with customers. As always, I'd love your thoughts on it. Read More...
-
Security is About Passwords and Credit Cards. That's what a very nice lady told me a few months ago. At first I shrugged it off. Of course security is so much more than that. As I started to process it though I realized that is exactly what it is about to end-users. They don't care about the Read More...
-
This has not really been that normal a week for me, but at least another article made it into print. The June 2008 issue of TechNet Magazine is headlined by an article I wrote with my friend Roger Grimes, Security Adviser for Infoworld, on Security by Obscurity. It is another one of those point-counterpoint Read More...
-
I do not run any anti-malware software on my primary workstation. It's a habit I got into way back when I was doing penetration assessments. I showed up at the site, fired up ye olde laptop, and went to run some tool. ...went to run some tool. Hey, where did that tool go? It was there when I left Read More...
-
The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics, which we must not ignore in our risk management Read More...
-
This morning there was an interesting question in the Windows Vista Security Newsgroup. The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one: The poster wanted to remove this warning dialog to avoid confusing Read More...
-
Susan just pointed me to a "Self-assessment questionnaire" for the Payment Card Industry Data Security Standard (PCI/DSS). While, on the whole, the intent of that standard is good, there are some areas of it that, as usual, stray into the realm of regulatory silliness. For example, on page Read More...
-
Chris Hoofnagle, of the Berkeley Center for Law And Technology, just published a fascinating report entitled "Measuring Identity Theft at Top Banks." If you have not already, and you are at all interested in security and privacy, you owe it to yourself to read the report. It analyzes identity Read More...
-
A few years back I caused quite a stir when I mentioned in passing during a presentation that writing down your password is a really good idea. A journalist in the room decided that saying so qualified me as insane, and my employer sending an insane person all the way to Australia to give a presentation Read More...
-
At last, there is a biometric authentication technique that cannot be stolen. Or, well, it can, but at least it won't work any longer. Drs. Philip M. Rodwell and Steven M. Furnell recently published "A non-intrusive biometric authentication mechanism utilising physiological characteristics of Read More...
-
Another day. Another data leak. Another round of buck passing. Another round of unsubstantiated claims that they really do care about people's personal information. This one is a doozy though. A junior IT admin at Her Majesty's Revenue & Customs (the UK tax office) apparently put personal Read More...
-
No matter how smug you are about it, and how much you claim that security is someone else's problem, software will have vulnerabilities. It is a fact of life because software is, by far, the most complex engineering task mankind has ever undertaken. In that light, I found a quote by Alan Paller, Read More...
-
If it weren't because too many security departments are like Mordac, today's Dilbert would be funny. Unfortunately, there are still far too many people working on security that fail to recognize that nobody actually wants security. Nobody bought their computer, or built a network, or hired an Read More...
-
A couple of weeks ago I got myself invited to my oldest son's fourth-grade class to talk to the kids about security. The teacher is really into technology and is doing some very cool stuff. Unfortunately, he is not very into security, yet, so that part was, shall we say, lacking. He created this Read More...