Patching

There’s been a lot said in security circles about a talk on Tor being pulled from Blackhat. (Tor’s comments are also worth noting.) While that story is interesting, I think the bigger story is the lack of infrastructure for disclosure coordination. Coordinating information about vulnerabilities is a socially important function. Coordination makes it possible for…

Read More CERT, Tor, and Disclosure Coordination

Dear Apple, In the software update, you tell us that we should see http://support.apple.com/kb/HT1222 for the security content of this update: However, on visiting http://support.apple.com/kb/HT1222, and searching for “10.3”, the phrase doesn’t appear. Does that imply that there’s no security content? Does it mean there is security content but you’re not telling us about it?…

Read More Is iTunes 10.3.1 a security update?

If you haven’t heard about this, you need to. All Debian-based Linux systems, including Ubuntu, have a horrible problem in their crypto. This is so important that if you have a Debian-based system, stop reading this and go fix it, then come back to finish reading. In fact, unless you know you’re safe, I’d take…

Read More The Difference Between Knowledge and Wisdom

Microsoft Office 2008 for the Macintosh is out, and as there is in any software release from anyone there’s a lot of whining from people who don’t like change. (This is not a criticism of those people; I am often in their ranks.) Most of the whining comes because Office 2008 does not include Visual…

Read More Microsoft Has Trouble Programming the Intel Architecture