Updated: 8.5.2002; 0:56:35 GMT.

Security weblog



Monday, April 1, 2002

How to cope with spam
I don't get much spam. Some 3 emails a month. So my tactics for coping with it are quite primitive. On newsgroups and recruiting websites I use a public address that I can kill off if the spam becomes unbearable, and I have one address that I generally give only to friends I care about. This man, however, is more sophisticated than that, and successful under high tide as well.

  11:01:13 PM  permalink  
.NET Security

Warning - Microsoft's .NET is a brand and therefore does not mean anything, really. Like Nike's swoosh. Well, not completely. As Nike has its trainers, Microsoft .NET has servers, an application component model and on-line services. So there is something real; however, an important thing to notice is that attempting to talk about .NET security is perhaps as difficult as trying to answer the question, "How secure is Microsoft?" A very broad subject with many ambiguities.

Security of the server component will depend largely on the (uncertain) outcome of the Trustworthy Computing initiative. Though it does not seem like that from some papers, Microsoft has some bright researchers in the background. What's uncertain is the success of developer education and of managing the extra costs security brings into economic equations.

.NET Framework security is a big question. This is a brand new thing, a previously untested architecture. I would expect its design to be reasonably secure, but there is always the problem of the quality of the implementation. Since the CLR, which is at the heart of the framework, is supposed to run on multiple platforms, dependencies on other components will be a major issue. Thanks to scripting languages promoted by the framework, buffer overflows will start to be less of an issue.

.NET My Services is another brand new thing. Microsoft hasn't been a successful service provider so far and is considered a highly untrustworthy partner to run an identity service such as Passport. By providing a centralised service it creates a single point of failure, and by using its own name it places itself in the sights of hackers, script kiddies and general MS-haters.

  10:26:45 PM  permalink  
New model viruses

A short reiteration of the characteristics of recent viruses:

  • Spread by multiple vectors
  • Aimed at servers
  • Code with virus-like reproduction capabilities exploiting security holes for infection
  • Trojans by email

And outlook for the future:

  • SOAP as a medium for infection and reproduction
  • Mobile phones and PDAs
  9:06:37 PM  permalink  
Security market after Sep 11

Why should Sept 11 have improved security sales? Terrorists are low tech, and to face them we need a better coordinated response, better aviation security and perhaps better disaster recovery plans. Not firewalls, VPNs and antivirus products.

  5:53:24 PM  permalink  

 
Copyright 2002 © Jiri Ludvik.