All Posts

What do Security-Conscious People Choose?

At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.

I thought it would be fun to put together a quick poll asking the members of the mailing what operating systems they used. I sent out a note asking the membership to respond to two simple questions:

Ryan, Joe, Joanna, and the “Serious Hole” in Vista’s UAC

ZDNet’s Ryan Naraine blogs about Joanna Rutkowska’s blog post on Vista security. Joanna pointed out that Vista’s Mandatory Integrity Control feature has a few implementation flaws and seems to default to prompting for admin credentials whenever setup apps run. EWeek’s Joe Wilcox asked me to comment on the imbroglio which I was happy to do. I also posted a lengthy comment on Joe’s story, which for posterity I reprint here.

SANS, Schadenfreude and the Mac

I’ve got to wonder about the what planet the SANS people live on these days. Apparently, in an effort to make their semi-annual Top 10 list of vulnerabilities appear “fair and balanced,” they’ve decided to whip up panicky sentiments towards Mac OS X.

I won’t offer either of the usual obligatory and contrary platitudes on this subject (“Dood! Macs are invulnerable” or “of course, no system can ever be 100% secure”), because you know them already. Other folks, like Scott Bradner have made the latter argument well. But I will say that I think this stuff is a tempest in a teapot, designed to get some press for SANS.

Open Letter to SC Magazine

Sent from my YG account 25 April 2006: Dear Sir, Please stop printing sensationalist headlines. The headline of your article on 21 April 2006, “Report: Non-Windows attacks on the rise” gives the misleading impression that non-Windows platforms are increasingly being “attacked”, and cites a recent Kaspersky report by Konstantin Sapronov as evidence.

Voting With Your Feet

Most people know that the dominant computing platform has a little problem with security. It’s a little problem with big consequences. Recently, research firm IDC released a report indicating that two thirds of PCs—including those deployed within companies—are affected by some sort of spyware.