Jeff Jones Security Blog

• RSS 2.0
• Atom 1.0

Tags

• Antimalware
• Antivirus
• Apple
• Bill Chesick
• Black Hat
• Bloggers
• Brian Krebs
• Browser Security
• CanSecWest
• Cisco
• Commentary
• Cool
• Database
• Developer
• Firefox
• Fun
• Geek
• General
• Green
• Guitar Hero
• Hack
• HIPS
• Home Theater
• Hugh Thompson
• Hyper-V
• IE
• IEEE
• IIS
• iPod
• jeff-story
• Lifecycle
• Linux
• Mac OS X
• Martin Hellman
• McAfee
• Media Center
• Metrics
• Microsoft
• Microsoft Security Essentials
• Microsoft, Patch Management, Project Quant, Security, Securosis, Open Research, Metrics
• Mozilla
• MSCASI
• MSRC
• MySQL
• Novell
• NVD
• Open Research
• Open Source
• Oracle
• Patch Management
• Patchguard
• People
• Perception
• Podcast
• Privacy
• Process
• Project Quant
• PVR
• Rap
• Red Hat
• RSA2008
• RSA2009
• RSAConference
• Safari
• Scrawlr
• SDL
• Secunia
• Security
• Security Bulletins
• Security Center
• Security Intelligence Report
• SecurityGuy
• Securosis
• SIR
• Sophos
• South Park
• SQL Injection
• SQL Server
• Story
• Studies
• SuSE
• Symantec
• TechEd
• Tools
• Trend Micro
• UAC
• Ubuntu
• Video
• Vista
• VOIP
• Vulnerabilities
• Vulns
• Webcast
• Windows
• Windows Server
• Windows Server Core
• Windows vs Linux
• Windows XP SP2
• World of Warcraft
• Zune

News

Archives

• June 2009 (3)
• April 2009 (8)
• March 2009 (2)
• February 2009 (4)
• January 2009 (2)
• December 2008 (1)
• November 2008 (4)
• October 2008 (1)
• September 2008 (1)
• August 2008 (5)
• June 2008 (5)
• May 2008 (4)
• April 2008 (6)
• March 2008 (4)
• February 2008 (1)
• January 2008 (1)
• December 2007 (1)
• November 2007 (5)
• October 2007 (5)
• September 2007 (2)
• August 2007 (1)
• July 2007 (1)
• June 2007 (7)
• May 2007 (4)
• April 2007 (1)
• March 2007 (4)
• February 2007 (10)
• January 2007 (10)
• December 2006 (1)
• November 2006 (6)
• October 2006 (11)
• September 2006 (7)
• August 2006 (5)
• July 2006 (8)
• June 2006 (8)
• May 2006 (9)
• April 2006 (3)

Security Blogs I Read

• Mike Howard blog
• Jesper's (new) blog
• Steve Riley blog
• Tales from the Crypto
• Stepto's Blog
• MSRC Blog
• Dana Epp's Weblog
• Windows Vista Security Blog
• Port 25 - OSS Lab @ MSFT

Windows vs Linux Security Analysis

• Windows vs Linux - Workstation - 1H06
• Windows vs Linux - Server - 1H06
• Apples, Oranges and Vulnerability Metrics
• EAL4+ Common Criteria Comparison
• Ubuntu 6.06 LTS 90 Day Vuln Scorecard

Jeff Jones Security Blog

This blog is for discussing all things with respect to computer, network and information security.

Leaving Purdue in 1987, I immediately started working in security at the Computer Security Office of the Aerospace Corporation.  We did Air Force risk assessments, research projects and supported the Trusted Product Evaluation Program (now NIAP) with the NSA.  Nineteen years later, I've worked always in security, learning along the way at Trusted Information Systems (TIS, where I got my first experience with an Open Source product the FWTK).  While at TIS, I also got my first Linux experience when I worked from home on my P66 SLS Linux machine, building and maintaining everything myself. (I connected to a netcom dial-up Shell account and did end-to-end tunneling to our internal office Sun servers, running X as my GUI and using an X-redirector across the tunnel.  No encryption, so it wasn't a VPN, but was a VN.  Performance was reasonable.)  Since those good old days, I did kernel dev on Trusted Xenix, a lot of research and and consulting, thousands of firewall stalls and eventually moved into product management at McAfee/NAI and <blah> <blah>

Now, I'm a Strategy Director in the Microsoft Security Technology Unit, part of the team trying to make all Microsoft products more secure.  I get to work with great people and am having a good time helping drive new, more secure, products.

Anyway, been doing it a while and I'm a bit skeptical of "2 year security experts" who couldn't tell you who Robert Morris is, or what was ironic about the Morris Worm without help from Google.