Tag: Security

Microsoft, reversing a previous decision, says it will not provide security updates to unlicensed users of Windows XP. Microsoft is obviously entitled to do this if it wants, since it has no obligation to provide product support to people who didn’t buy the product in the first place. A more interesting question is whether this…

I wrote previously about stopgap security, a scenario in which there is no feasible long-term defense against a security threat, but instead one resorts to a sequence of measures that have only short-term efficacy. Today I want to close the loop on that topic, by discussing how government might regulate fields that rely on stopgap…

Improving cybersecurity is supposedly a national priority in the U.S., but after reading Peter Harsha’s report on a recent meeting of the President’s Information Technology Advisory Committee (PITAC), it’s clear that cybersecurity research is severely underfunded. Here’s a summary: The National Science Foundation has very little security research money, enough to fund 40% or less…

Peter Harsha at CRA points to an interesting analysis, by Colleen Shannon and David Moore of CAIDA, of the recent Witty worm.

Simson Garfinkel has an eye-opening piece in CSO magazine about the contents of used hard drives. Simson bought a pile of used hard drives and systematically examined them to see what could be recovered from them. I took the drives home and started my own forensic analysis. Several of the drives had source code from…

A new computer worm infects PCs by attacking security software, according to a Brian Krebs story in Saturday’s Washington Post. The worm exploits flaws in two personal firewall products, made by Black Ice and Real Secure Internet. Just to be clear: the firewalls’ flaw is not that they fail to stop the worm, but that…

Yesterday, an ATM in Baker Hall at Carnegie Mellon University crashed, or had some kind of software error, and ended up displaying the Windows XP desktop. Some students started Windows Media Player on it, playing a song that comes preinstalled on Windows XP machines. Students took photos and movies of this. There’s no way to…

Eric Rescorla recently released an interesting paper analyzing data on the discovery of security bugs in popular products. I have some minor quibbles with the paper’s main argument (and I may write more about that later) but the data analysis alone makes the paper worth reading. Briefly, what Eric did is to take data about…

The Utah state legislature has passed an anti-spyware bill, which now awaits the governor’s signature or veto. The bill is opposed by a large coalition of infotech companies, including Amazon, AOL, AT&T, eBay, Microsoft, Verizon, and Yahoo. The bill bans the installation of spyware on a user’s computer. The core of the bill is its…