January 2009 - Posts

Today’s spam

Here’s what’s in my junk mail folder today: What is up with all that? Apparently I sent a payment to myself, I initiated another payment to myself, I am a user of myself who’s received exclusive offers for January, and I received a payment from myself. Read More...

Posted 21 January 09 10:13 by Steve Riley | 12 Comments   
Filed under spam, email, things that make me angry

Attacks against integrity

I’ve been mentioning this frequently during my talks in the last 12 months: that accidental or malicious data modification is yet something else we need to defend against. Richard Bejtlich wrote last year about attack progressions , and this year summarized Read More...

Posted 20 January 09 08:28 by Steve Riley | 3 Comments   
Filed under security policies, protection, integrity

I want a Model 22 HDD Hard Drive Disintegrator

Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently, it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job, Read More...

Posted 20 January 09 01:43 by Steve Riley | 10 Comments   
Filed under security myths, physical security, data destruction

Questions about virtualization and security?

Yesterday, Donnie Hamlett, a Microsoft core infrastructure optimization specialist, gave a webcast and played a video of my TechEd presentation on virtualization and security. Some of the viewers had questions, and I offered to Donnie that they could Read More...

Posted 09 January 09 09:46 by Steve Riley | 4 Comments   
Filed under configuration, virtualization

Poll: do you use scheduled scans for malware?

An  interesting comment recently appeared on my older post about whether or not to use antimalware software. Peter van Dam wondered whether scheduled scans are really necessary, given that anti-malware products scan files as they enter (and sometimes Read More...

Posted 05 January 09 12:03 by Steve Riley | 18 Comments   
Filed under risk mitigation, protection, malware

Search

This Blog

• Home
• About
• Email

Tags

• access control
• access technologies
• Active Directory
• advertising
• assessing security
• authentication
• aviation security
• biometrics
• BitLocker
• blogging
• conferences and seminars
• configuration
• data destruction
• email
• encryption
• false claims
• group policy
• home and family security
• identity
• infosec as a profession
• integrity
• Internet Explorer
• IPsec
• ISA Server
• malware
• music
• my book
• NAP
• networking
• passwords
• patch management
• physical security
• protection
• public policy
• risk mitigation
• RMS
• security myths
• security policies
• security science
• security theater
• spam
• SSL/HTTPS
• TechEd
• Terminal Server
• the end
• the future
• the trade press
• things that make me angry
• things that make me laugh
• things that make me worried
• threats
• virtualization
• VPN
• Windows 7
• Windows Vista
• wireless

Archives

• August 2009 (1)
• May 2009 (1)
• February 2009 (1)
• January 2009 (5)
• December 2008 (1)
• November 2008 (1)
• October 2008 (2)
• September 2008 (6)
• August 2008 (2)
• June 2008 (2)
• April 2008 (1)
• February 2008 (7)
• January 2008 (1)
• November 2007 (1)
• October 2007 (3)
• September 2007 (5)
• August 2007 (2)
• July 2007 (4)
• May 2007 (2)
• April 2007 (1)
• February 2007 (1)
• January 2007 (3)
• December 2006 (2)
• November 2006 (3)
• October 2006 (2)
• September 2006 (6)
• August 2006 (1)
• July 2006 (3)
• June 2006 (1)
• May 2006 (2)
• April 2006 (2)
• March 2006 (5)
• February 2006 (2)
• January 2006 (3)
• November 2005 (5)
• September 2005 (4)
• August 2005 (2)
• July 2005 (5)
• June 2005 (5)
• April 2005 (3)
• March 2005 (2)
• February 2005 (2)
• January 2005 (1)

Syndication

• RSS 2.0
• Atom 1.0