All Posts

Retired Comedians and Missed Opportunities

There’s this old joke about a comedians’ retirement home that goes something like this:

An aging comedian decides to retire to a community that has just other comedians living in it. On his first day there, he goes down to lunch, and there’s a bunch of retired fellow comics sitting around the table.

What do Security-Conscious People Choose?

At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.

I thought it would be fun to put together a quick poll asking the members of the securitymetrics.org mailing list what operating systems they used. I sent out a note asking the membership to respond to two simple questions:

Microsoft Security Intelligence Report 2H06

This is essentially a forward reference to a comment I made to another blog, but as it is related to the nature of reporting for vulnerabilities and quantitative progress against them, perhaps it is relevant here.

Ryan, Joe, Joanna, and the “Serious Hole” in Vista’s UAC

ZDNet’s Ryan Naraine blogs about Joanna Rutkowska’s blog post on Vista security. Joanna pointed out that Vista’s Mandatory Integrity Control feature has a few implementation flaws and seems to default to prompting for admin credentials whenever setup apps run. EWeek’s Joe Wilcox asked me to comment on the imbroglio, which I was happy to do. I also posted a lengthy comment on Joe’s story, which for posterity I reprint here.

SANS, Schadenfreude and the Mac

I’ve got to wonder about what planet the SANS people live on these days. Apparently, in an effort to make their semi-annual Top 10 list of vulnerabilities appear “fair and balanced,” they’ve decided to whip up panicky sentiments towards Mac OS X.

I won’t offer either of the usual obligatory and contrary platitudes on this subject (“Dood! Macs are invulnerable” or “of course, no system can ever be 100% secure”), because you know them already. Other folks, like Scott Bradner, have made the latter argument well. But I will say that I think this stuff is a tempest in a teapot, designed to get some press for SANS.

Open Letter to SC Magazine

Sent from my YG account 25 April 2006: Dear Sir, Please stop printing sensationalist headlines. The headline of your article on 21 April 2006, “Report: Non-Windows attacks on the rise” gives the misleading impression that non-Windows platforms are increasingly being “attacked”, and cites a recent Kaspersky report by Konstantin Sapronov as evidence.