You'll notice Microsoft's auto-updaters (Windows Update / Microsoft Update / Automatic Updates) are not on the list. Why? Because we're paranoid, and we anticipated this type of threat years ago and mitigated it by signing all of our binaries and only...

So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download it and check it out to see if they had finally gotten a copy of memo (it's just that we're putting cover sheets on all of our TPS reports now) and decided...

So came across an interesting report today from various security folks (including Gunter Ollmann from ISS): http://www.techzoom.net/papers/browser_insecurity_iceberg_2008.pdf I can appreciate what they are trying to do - and I believe they were probably...

So I still get IR related questions on occasion . . . one of which being 'what is the best way to dump memory on Windows'. I honestly am hopelessly out of touch - I haven't done IR in many years now - but I came across some intersting tools that seem...

Heres' an interesting, somewhat reflective blog from Kaminsky on security researcher drama, and how in an ideal world lots of trusted peers would get to review your vulns and fix plans before the patches ship: http://www.doxpara.com/?p=1164 Sadly - in...

"We are here in San Francisco, where we've secretly replaced the fine operating system these people usually use with Windows Vista, Let's see if anyone can tell the difference!" http://news.cnet.com/8301-13860_3-9998336-56.html?tag=nefd.lede

I have mad respect for Matasano and I can't believe a friend of mine now works there! http://www.matasano.com/log/1088/hello-a-self-introduction-by-chris-rohlf/ Congrats dude!

Lately I'm not a big fan of AV and it amazes me that AV hasn't been beaten up more badly than it has given how it runs on pretty much every desktop in the civilized world and how critical writing solid, secure code is these days. It looks like .Nruns...

Kaminsky's flaw has a metasploit module: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt On the Internet - no one hears your screams.

Don't be evil. http://blogs.pcmag.com/securitywatch/2008/07/google_blogger_hosts_2_of_worl.php

Most Epic Fail: http://pwnie-awards.org/2008/awards.html#fail Gee . . . I hope we . . . win? No . . . wait . . . Windows Vista for proving that security does not sell $100,000,000 invested in security and what does Microsoft have to show for...