Monthly Archive March, 2008

Adobe on Linux – holes are cross platform

This has just been announced: “Adobe joins Linux Foundation, develops AIR for Linux”. OK, now the vulnerabilities from Adobe that sank Windows on the Pwn2Own contest will be available for Linux users too. Those contests will be more fair now. Now seriously, it’s impressive how people don’t realize the importance of Adobe software security. We [...]

If it works for children…

I was reading Slashdot news when I found this one, that mentions a study requested by UK first minister: “Usually, ‘thinking of the children’ is a starting point to impose limitations on video games and internet in general. For once, a study requested by UK’s Prime Minister seems to be a bit more objective than [...]

VMware, the new “unbreakable”?

I was LOL after reading this, from The Register: “(CanSecWest) VMware researcher Oded Horovitz got an earful when he told a group of security buffs his company’s virtualization software was theoretically impenetrable. Speaking at the CanSecWest conference in Vancouver, his hour-long presentation, titled Virtually Secure, included a slide titled “VM Escape” that carried the following [...]

JJD on Mac

A few minutes after I posted about the Pwn2Own contest and its results (Mac Air Book compromised), JJD posted in his blog his point of view about Mac security. Well, even after reading his post I still keep with my point. I’m not saying that Windows is better than MacOS. This issue includes things beyond [...]

Macs and the Pwn2Own contest

Well, I think the results of the first day of the Pwn2Own contest show what most of us already knew. Microsoft is doing a much better job on securing their software than Apple. What makes me sad is that because of its past and its image among geeks (like it is The Borg) Microsoft is [...]

Disruptive innovation and security, some thoughts

I was reading Hoff’s posts about disruptive innovation and remembering the concepts behind it. It is interesting to see these business theories being applied to Infosec. I read some of Hoff’s posts about the subject and after some thinking I found some interesting concepts on the subject. First, we can see disruptive innovations as “sharp” [...]

You need to think like this sometimes

I love to see people analyzing basic aspects of “well known truths”. In this nice piece Amrit analyses the endpoint protection “solution” in a cost/benefit way. It’s very important for all of us to constantly do thinking exercises like that. Sometimes the obvious value of security solutions can be quickly turned into just myths by [...]

ActiveX controls and security

David Goldsmith did a very nice review about the issues of ActiveX Controls on security. He made 5 points in his post, but this one is quite important: “They are rarely necessary. The worst part is, ActiveX controls are often add-ons that no one really needed and wouldn’t miss if they disappeared. A lot of [...]

Insider threat in an Auditors Conference

After the case of the French bank Société Générale, the insider threat is again a hot subject in the field. It was always one of my main interests and the subject of my Master’s thesis. This article from Network Computing mentions the need to work together with HR and putting more emphasis on the human [...]

Outlook vulnerability

It has been a long time since a vulnerability in Microsoft Outlook was disclosed. This time MS08-015 is one of those that facilitates the spreading of malware, as it makes it easier to run unauthorized code. Some people learn that they can click on the links but they can’t click on “yes” when being asked if [...]