Jesper's Blog

Kip Hawley: "No, the TSA is Necessary Because This is War!"

Jesper's Blog — Wed, 24 Dec 2008 10:44:00 GMT

CBS News did a story a few days ago on the Transportation Security Administration (TSA). Basically it was a tit-for-tat between Bruce Schneier , security pontificator extraordinaire, and Kip Hawley, the administrator of the TSA. Mr. Hawley's maintans...(read more)

One "Hacker" Attempts to Rule The World

Jesper's Blog — Wed, 24 Dec 2008 08:40:00 GMT

Wired, always a source for amusement and interesting literature, just carried a story on a "hacker" (the magazine's use of the term equates to "criminal") who attempted to dominate the market in stolen credit cards. It's a...(read more)

You need to manually undo your MS08-078 mitigations

Jesper's Blog — Thu, 18 Dec 2008 17:57:00 GMT

Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-alt:"Calisto MT"; mso-font-charset:0; mso-generic...(read more)

Lock your USB Token

Jesper's Blog — Tue, 16 Dec 2008 07:10:00 GMT

Recently, Lev Bolotin of Clevx gave me a production sample of a USB token with a keypad on it. It's a pretty neat idea for certain uses. My immediate thought went to BitLocker in Windows Vista. You can store the BitLocker key on a USB stick, but you...(read more)

Believe it or not; DRM for Zune is down!

Jesper's Blog — Tue, 16 Dec 2008 06:21:00 GMT

Shocking, yes, I know, but in only four hours this evening Microsoft has managed to alienate over 150 additional customers with its insistence on Digital Rights Management (DRM). This time it is the DRM component of the Zune store that is down, according...(read more)

What do you think, should I do it?

Jesper's Blog — Sun, 16 Nov 2008 16:44:00 GMT

I get a fair bit of blog spam - comments advertising everything from sexual enhancers to fake anti-malware. This one just came in this morning: Sweet! I can turn off all the blog spam just by e-mailing the criminals? Or, could it possibly be that this...(read more)

Fun Experiences at Airport Security

Jesper's Blog — Sat, 15 Nov 2008 16:13:00 GMT

For a while I've been thinking about writing something about interesting times I've had at various airport security checkpoints; security theater, as they have come to be known. There is the obvious shoe removal arguments and the ill-defined rules...(read more)

XP Antivirus in the News

Jesper's Blog — Fri, 07 Nov 2008 10:05:00 GMT

Several helpful people just pointed me to some articles on XP Antivirus and its various variants. In case you do not remember, XP Antivirus was the subject of an article I wrote for The Register a few months back. It turns out that the scammers got hacked...(read more)

Is MS08-067 Wormable?

Jesper's Blog — Tue, 04 Nov 2008 12:14:00 GMT

A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067 . Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have...(read more)

Need a spare Windows box?

Jesper's Blog — Fri, 24 Oct 2008 07:00:00 GMT

Have you ever found yourself in urgent need of another Windows box? Or, have you wanted to build a web application on Windows, but without having to buy servers? Or maybe you just want to have a network of Windows machines that you can test your new Server...(read more)

Revisiting the Immutable Laws

Jesper's Blog — Tue, 23 Sep 2008 06:00:00 GMT

For many years I, and many others, have been referring to the immutable laws of security when trying to explain why something works, or does not work, a particular way. However, I've always wondered how immutable the laws really are? I finally sat...(read more)

Anatomy of a Hack 2008

Jesper's Blog — Fri, 22 Aug 2008 19:46:00 GMT

A few years ago I delivered a very popular presentation I called "Anatomy of a Hack." Well, actually, I called it "How to Get Your Network Hacked in 10 Easy Steps" but the marketing department at my previous employer thought that title...(read more)

Security is About Passwords and Credit Cards, Part 3

Jesper's Blog — Sun, 10 Aug 2008 06:14:00 GMT

The final installment in my series called " Security is About Passwords and Credit Cards " is now up on TechNet Magazine. This part of the series discusses updating technologies, including how not to abuse them, messaging about security, and...(read more)

Buy the original Olympic Torch from Beijing

Jesper's Blog — Sat, 09 Aug 2008 03:38:00 GMT

"Buy the original Olympic Torch from Beijing" That was one of the fake headlines in the latest "CNN.com Daily Top 10" malware spam I've been getting lately. This particular spam is a fake newsfeed which redirects you to one of...(read more)

How Not To Build a Highly Available Web Site

Jesper's Blog — Wed, 23 Jul 2008 04:45:00 GMT

Here's what I just got when I went to http://www.technetmagazine.com : Here's the kicker: it's not TechNet Magazine that is down, nor even TechNet. It is Microsoft Live Sign-in, nee Passport. To get to TechNet it attempts to sign you in to...(read more)