Rants Tagged with “Security”

I've been severely remiss in failing to get my source code released for my two MIX talks early this month. I apologize (there is a good reason, but I can't talk about it).
First are my examples for debugging different parts of the Silverlight stack:
http://wildermuth.com/downloads/MIXSilverlightDebugging.zip
Also, there is the code where I showed the attendees how to use forms security and integrated (e.g. Windows) authentication:
http://wildermuth.com/downloads/MIXSilverlightSecurity.zip
Grab them while they're hot!
I had a chance encounter today with the fact that my cell phone records are up for sale to anyone with $110 burning a hole in their pocket. I have to say I am outraged. I can't believe that cell phone companies can sell a record of anyone I call. It makes me sick to my stomach just thinking about it. Anyone else have experience where your cell phone records have been used?
(UPDATE)
Evidently I am not the only one concerned. Here's a CNET article about a congressional hearing about it:
http://news.com.com/Congress+quizzes+phone+records+brokers/2100-1028_3-6034824.html?tag=nefd.top
This is a great document on the top ten application security holes that many sites are vulnerable to. These are application holes, not operating system or database security holes. These are insidious because many applications accidentally leave these open in different ways. This document is great education for entire engineering groups on what to avoid in web site development.
I never open attachments, but this one 'almost' got me to. I am getting about 3-4 of these an hour now so some people are getting infected. Please be careful of any e-mails saying your PayPal account is going to expire. Don't Open that Attachment (meant to look like a link to the PayPal website).
I ran into this article about using Ink Blots to make passwords on Microsoft Research's site and it got me thinking about security and privacy. I think the only bastion of true privacy these days is in the mind. Social Security #'s, mothers' maiden names, pet names...it's all just demographic data that is in the wide open. So for the common user, trying to remember a strong password (numbers, letters and punctuation) is just too hard.
Maybe Biometrics are the answer. Fingerprints can't be faked...or can they be? Maybe not by the casual user, but they can be faked. Anyone who got arrested for a petty infraction has their fingerprints in the 'system'.
I think this article is on the right path...passwords based on very private thoughts, not information that is in the open somewhere.
Last February Bill Gates announced that he was halting development until
every project could be reviewed for security and make sure every developer knew
how to write secure code. In fact, a pretty great book
came out of the process. So did it work?
Announced in a new Aberdeen Group report, it seems that Windows has lost its
crown as the most insecure operating system. Can you guess who took their place?
Linux. Does this mean that Linux is an insecure mess? Does it mean that Windows
is hack-proof? No to both questions.
What I do think it means is that Microsoft has done an admirable job at
securing their software. I recently installed .NET Server and I was amazed at
the amount of surface area. Nothing (and I really mean nothing) was installed by
default. Gone are the days of IIS, SMTP and file sharing being on by default. I
think Bill's gamble worked. Do you?