Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Browse by Tags

Related Posts
  • Blog Post: The Internet routes around outages -- and censorship, too

    Have you seen this yet? " Grokster ruling begins the good fight " If you haven't, it's worth your time to read -- it's a terrible shibboleth for a U.S. "national firewall." Coursey is promoting the idea that all U.S. Internet access should pass through a firewall that will block file-sharing and gambling...
  • Blog Post: The bad guys will use BitLocker, too

    Got an email today from a customer asking about how BitLocker will affect the ability of law enforcement to conduct forensic analysis of a protected hard drive. Specifically, the person was asking about any back doors that law enforcement could use to bypass the encryption. The answer is very simple...
  • Blog Post: Lousy security

    Lousy security is all around us, and I'm not even thinking about airport security here (which, I admit, i love griping about). Here I have in mind lousy computer security. And lest you think I'm proceeding to engage in naval-gazing introspection, no -- I'm not going to write about our own products. ...
  • Blog Post: America, wake up: stop being "security sheep"

    OK, I need to complain a bit here. Yesterday I went to Best Buy to get a new digital camera. I already knew which one I wanted, so I found a sales guy, pointed to the display unit, and said, "I'd like one of these." "Sure," he replied. He found the keys, unlocked the cabinet, pulled out a box,...
  • Blog Post: New site at the top of my favorites list

    You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor -- and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived version of this site on an airplane. :) ...
  • Blog Post: TechNet: Exploring the Windows Vista Firewall

    New article up... Back in the days of the paleocomputing era, no one ever thought about installing firewalls on individual computers. Who needed to? Hardly anyone had heard of the Internet, TCP/IP was nowhere in sight, and LAN protocols didn’t route beyond your building or campus. Important data lived...
  • Blog Post: Airport security silliness

    So today (Thursday 21 July 2005) I flew from Seattle to Dallas for a customer meeting. Since it's a short one-day affair, I packed my small carry-on size suitcase. In it was a pair of shoes, one pants, one shorts, two shirts, a toiletry bag, and my collection of wall warts (AC adpaters). Seems normal...
  • Blog Post: New column - debunking security myths

    There is a lot at stake in security configuration guidance. First, it is easy to understand why people are clamoring for it. Everyone can see the benefit in turning on some setting and blocking an attack. In some environments, doing so is not even an option. A system must be configured in accordance...
  • Blog Post: File under: "You've got to be kidding!"

    Today I upgraded the brain on my i-mate K-JAM. Which, of course, requires a hard reset, meaning that I get to spend a relaxing day re-installing and configuring all my applications. Usually when I do this (too frequently, it seems) I browse around for new and improved software. While perusing www...
  • Blog Post: Mythbusters beat "unbreakable" fingerprint door lock

    My good friend Jamie Sharp sent me this link today. It's amazing: watch how Adam and Jamie easily defeat a fingerprint lock the manufacturer claims has never been broken. As if to snub the claims, they break it three times! Supposedly it monitors pulse, sweat, temperature, and other attributes. First...
  • Blog Post: Cluelessness abounds

    So yesterday I received a rather interesting email. Subject: "INFOSEC Scholarships & Fellowships for PhD or MS + Free CISSP Exam Prep Events." Hm, I didn't know that "information security" suddenly became an all-caps acronym. How come no one asks me first about these things? Anyway, it purports to...