Awareness is our biggest challenge, but we've been doing a lot to make this happen. At this point the consumers that are walking into these rediculous schemes need to accept that they are, to some extent, the authors of their own misfortune. I like this...

The Payment Card Industry (credit-card issuers) have created their own set of regulations that e-commerce sites must follow if they're to continue processing credit card payments. The regs are pretty good -- a 12-point checklist of areas that need to...

More progress being made on the anti-spyware front: http://www.eweek.com/article2/0,1759,1788844,00.asp . Industry players are banding together to try and define this. I'm not sure that this is a good idea -- while I agree that the term "spyware" has...

This is one of those times that I love this company -- building a tracking system to fight kiddie porn, and giving it away to police departments worldwide. Link.

TechWeb just posted an article on DNS cache poisoning continuing. The Microsoft KB article can be found here . The problem: cache protection (in Windows 2000 SP3 and above) only applies when the DNS server is a master. If it is forwarding all requests...

Interesting article: Google Yourself to Identify Security Holes by Tony Bradley. His point is that security people should be using Google and the discussed tools as one facet of a vulnerability analysis program.

Sorry, I just can't get behind this: Battle brews over unlocking PC secrets . The PC industry has suffered for not having trusted mechanisms for identifying computers and locking down digital rights. I read the article and I still don't see Stallman's...

I am switching from MSN Spaces to TechNet over the next couple of weeks. Until I get my old stuff migrated over, if you're interested you can see my old posts here .

An old article, but still a good one, by Jakob Nielson (formerly at Sun, now at his own company). I strongly agree with his points, particularly: "passwords that comply with the above list of "security-enhancing" principles lead to one outcome: Users...

Ahh, the wonderful world of information security in the United States, where the threat of litigation can keep holes open and spyware active. eWeek has had a couple of articles this week on this topic. In The Chaotic World of Defining Spyware they discuss...