Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.

February, 2005

  • Is finding security holes a good idea?

    Some interesting papers came out of the third annual Workshop on Economics and Information Security. If you're an IEE Computer Society member you can read the full text. Eric Rescorla's article, "Is Finding Security Holes a Good Idea?", provides a statistical...
  • Improving commerce security for consumers

    It's great that even the BBC understands the basic concepts behind identity management ( BBC NEWS | Technology | Solutions to net security fears ) and the problems associated with multiple identities. The token approach (as promulgated by RSA, Activcard...
  • Microsoft's Security Cooperation Program

    I love how news reporting can subtly (or not so subtly) slant interpretations while professing to still be reporting facts. CNet's reporting of the Microsoft Security Cooperation Program is a great example. When I heard about this program I thought it...
  • Former AOL employee pleads guilty in spam case

    Ouch -- 92 million screen names and email addresses stolen from AOL. The guy netted $28k, and will have to pay $200-400k in restitution. Not exactly a lucrative business, was it? Once again we see privacy compromised from the inside -- nothing that...
  • Hey, Mom finally gets security!

    Interesting -- According to a UK study, demograpghics are skewing for home users, with older people buying a larger percentage of home infosec products (AV, etc.) and younger people being the ones that naively assume they're OK. Without the data it's...
  • DRM is anti-privacy???

    DRM is one of those fascinating areas where we really haven't explored the implications of our decisions. I have seen a lot of complaints about Napster's requiring you to be a mamber of their service in order to continue to listen to music that you downloaded...