The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion. Inappropriate comments will be deleted...

Steve Riley gave a fasinating session @ IT Forum where he commented that 802.1X for wired networks would not solve as many security problems as people perceive. 802.1X does NOT authenticate each packet (unlike IPSEC ESP-null) and hence WITH PHYSICAL ACCESS...

There's a wealth of excellent prescriptive Guidance from Microsoft Consultants which is available for free download at http://www.microsoft.com/technet/security/guidance The wireless guide explains how to secure both large scale Enterprise networks and...

Many Blogs are receiving feedback with links to the following URL - DO NOT FOLLOW THIS LINK(that's why I've left off the http:// prefix) "cool12xp.s20.xrea.com". Typical entries have the title of "Great article" with text along the following lines: "Great...

http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ I'm not saying that it's good that anyone's been hacked, simply that publicity to get people to install XP SP2 is a good thing.

Steve Riley @ Jesper Johansson are writing a book titled "Proecting Your Windows Network" - an interesting except can be found I found here

I'm having a look @ Firefox and have noticed that the code is not signed and therefore it's theoretically possible for a trojan to have been inserted in it.

I came across the following post on slashdot Hacking Vodka Posted by michael on Saturday November 20, @12:06AM from the everclear dept. enrico_suave writes "A group of geeks aimed to find out whether running cheap vodka through a brita water filter would...

Steve Riley's Blog includes the following post which just shows that even brand new security software can be circumvented. "A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA . The system under...

Such a huge topic. In my experience getting users to buy into their role in security is imperitive and it's also pretty difficult. We've all seen examples of machines that are left unlocked in open offices. We've seen corporate IT departments that have...

It's great to be back in Copenhagen for ITForum 2004. I'm really looking forward to Steve Riley and Jesper Johansson's pre-conference session tommorrow covering how to deal with the practical challenges of stopping malicious users from stealing your corporate...

Another interesting article on Slashdot. http://slashdot.org/article.pl?sid=04/11/23/0311227&from=rss

Details of the event can be found here . The panel session debated whether privacy's dead given the ever greater power afforded to government and law enforcement to inspect electronic communications. Clearly this is a contentious topic and there is a...

William Luu's feedback to my last post makes a great deal of sense - "They're just trying to boost their websites' Google Rank. It could very well be one of those bots/scripts doing the rounds" I've looked more closely at the site and can confirm that...

It's only a matter of time before Moblogs hit the mainstream. Clearly this is something the mobile operators will encourage and so many people have camera phones & love sharing pictures. Moblogs are likely to be seen as requiring less effort than...