Uncategorized

“The time has come,” the Walrus said, “To talk of many things: Of shoes–and ships–and sealing-wax– Of cabbages–and kings– And why the sea is boiling hot– And whether pigs have wings.” “But wait a bit,” the Oysters cried, “Before we have our chat; For some of us are out of breath, And all of us…

Read More Self-referential nonsense

Bruce Schneier has written insightfully about Olympic security. They’ve spent $1.5 billion, and today’s marathon race was marred by some idiot leaping into the path of the front-runner, and dragging him into the crowd. It’s always tempting, and usually wrong, to say that any failure of security could be prevented. However, this Olympics has seen…

Read More Olympic Security

Beatrice Arthur, who apparently enjoys a little politics along with her fame, got irked at the airport police: “She started yelling that it wasn’t hers and said ‘The terrorists put it there,’ ” a fellow passenger said. “She kept yelling about the ‘terrorists, the terrorists, the terrorists.’ ” After the blade was confiscated, Arthur took…

Read More Bea Arthur, Terrorist

Over at TaoSecurity, Richard writes about a new report from CERT/CC and the Secret Service, studying “23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002.” I’m very glad that they’re doing this. I think that actually studying how bad guys carry out attacks is critical for defending…

Read More About those insiders

(Dave asked in a comment.) Yes, disabling Javascript is a win. Here’s an IE issue, and here’s one for Mozilla. Now, using Javascript, when it’s on, to reduce the number of clicks a user needs to make is a fine thing. I’m in favor of it. (Although I often find myself in misselect hell, when…

Read More Is Disabling Javascript a Win?

So Microsoft has released XP2 on a CD. I’m not currently running any Windows machines, but I figure hey, this is an important patch, and I should be able to foist it on people. So I go to Microsoft’s Order a CD site. I am curious to see what else the CD might contain. A…

Read More XP SP2

Alec Muffett comments on sysadmin resistance to applying patches. As Steve Beattie and a bunch of others of us wrote, the issue is that there’s a tradeoff to be made to find the optimal uptime for a system. It’s a tradeoff between a security risk and an operational risk. Organizationally, different teams are often…

Read More Patch Management