Blog

Mac FileVault Encryption Update

By Rich
Back in August I finally broke down and encrypted my computer using the built-in FileVault feature in Mac OS X. After 3 months I figure it’s time for an update. I was originally concerned about FileVault based on reports of corrupted images during system crashes and other unexpected events. I have yet to experience any problems. At all. I’ve crashed my Mac and experienced sudden shutdowns during everything from normal usage, to that dangerous moment when the encrypted image is reclaiming unused space. My encrypted image always comes back, no problems. It’s also pretty big- with multiple

Database Security Vulnerability Stats

By Rich
These numbers are totally fascinating- check it out here. Keep in mind that some database systems (like SQL Server) only run on a single platform, while the others (you know who) run all over the place. Still, not a single bug in a year. Now that’s impressive! This really shows the value of a secure development cycle and building security into the product, instead of on top of it. (Thanks to DCS for finding this)

Music Labels and Microsoft Assume You Are a Criminal- and Charge You For It

By Rich
As a security professional I admit that I normally assume someone I’m dealing with isn’t necessarily honest; especially if they’ve done something to draw my attention. I learned early on that most humans have an unbelievable capacity for deceit, and they use it on a daily basis. In many cases the individual is so believable because they’ve convinced themselves that what they’re doing/saying is either the truth (when it’s clearly not), or they’re justified for some bullshit reason (like “the man” has been keeping them down). No- you really don’t deserve

How the Death of Privacy and the Long Archive May Forever Alter Politics

By Rich
As the silly season comes to a close with today’s election (at least for, like, a week or so) there’s a change to the political process I’ve been thinking about a lot. And it’s not e-voting, election fraud, or other issues we’ve occasionally discussed. On this site (and others) we’ve discussed the ongoing erosion of personal privacy. More of our personal information is publicly available, or stored in private databases unlocked with a $ shaped key, than society has ever experienced before. This combines with a phenomenon I call “The Long Archive”- where every

Report Voting Machine Problems to 1-866-OUR-VOTE

By Rich
From BoingBoing: If you experience any irregularities in voting today, call 1-866-OUR-VOTE, the hotline for the National Campaign for Fair Elections. EFF lawyers and many others are standing by across the country to take legal action to remove malfunctioning voting machines, keep polls open, etc. I voted this morning using an optical reader and didn’t experience any problems, but did notice a few. A couple people were turned away due to Arizona’s ridiculous photo ID law and precinct changes. Some voters had problems reading the tight print on the optical ballot, but I won’t really blame

Stop Using IE… Umm… Again… For Now. Anyone on Lynx?

By Rich
An unpatched vulnerability being exploited in the wild. When I’m on a Windows system (I run it virtualized on my Mac for work) I tend to use multiple browsers since even Firefox has issues at times. I even do this on my Mac- running Firefox and Safari, switching between the two depending on where I’m going. But at this rate I’m going back to Lynx. (And if you go to “those” sites do yourself a favor and only browse from a virtual machine you reset after every use).

Update: No Bluetooth 0day Vulnerability, but a New Exploit

By Rich
After reviewing the materials I could find online I directly contacted Thierry Zoller and he was kind enough to respond with more details. In his words (with permission). Short version is the flaw is well patched, but the exploit is a new technique of getting a remote shell. No kernel bugs this time:

Dear Rich Mogull,

RM> Saw the ISC entry on your BT attacks. I’ve been writing a bit on this
RM> issue and am wondering if you have any time for a couple quick
RM> questions?

RM> 1. Are currently patched Macs safe (OS X 10.4.8, 10.3.9)?

Yes! The underlying

Don’t Panic: Bluetooth 0Day on Mac: Probably Patched

By Rich
I have no details, but am investigating. http://isc.sans.org/diary.php?storyid=1817 I know there are some Bluetooth 0days floating around for various platforms, but this one wasn’t on my list. This was presented at a conference in Europe. A copy of the presentation is here. In the presentation it looks like the flaw is patched, but I’m checking with the author to find out for sure. Right now nothing to panic about, but I do stand by my advice to start limiting wireless use in public areas. I still use my wireless, but I leave

Site Updates This Weekend

By Rich
I’ll be updating the look and feel of the site slightly, and performing some other system updates. There shouldn’t be any outages, but if you do notice anything strange or some HTML/CSS issues please let me know

E-voting Can be More Secure When Done Right

By Rich
In the comments of my last post, bkwatch reminds me that paper ballots are far from perfect. I totally agree. I’m also not against e-voting just on principle. Or against all e-voting. I’m just against insecure electronic voting. Which, based on what I’ve seen, is true of many, if not most, current implementations. Here’s what I said: Here’s why I don’t think the risk is overblown. First of all there are only a few manufacturers of voting machines. The problems we see are systemic to those manufacturers and systems. Thus the potential exists for