Steve Riley on Security

Browse by Tags

I want a Model 22 HDD Hard Drive Disintegrator: Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently, it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job, Read More...
Posted 20 January 09 01:43 by Steve Riley | 10 Comments
Filed under security myths, physical security, data destruction
Myth vs. reality: Wireless SSIDs: Do you ever wonder sometimes how it is that some ideas just won't die? Like the thought that not broadcasting your wireless network's SSID will somehow make you more secure? This is a myth that needs to be forcibly dragged out behind the woodshed, strangled Read More...
Posted 16 October 07 12:08 by Steve Riley | 25 Comments
Filed under false claims, authentication, security myths, wireless, networking, encryption
Bugged Canadian coin story is...wait for it...BOGUS!: Surely you've heard, too many times by now, about the radio transmitters "discovered" in some Canadian coins. From the moment I first read about it, the steamy stench of pasture patties loomed large in the air. I watched in amazement as the story grew Read More...
Posted 16 January 07 03:39 by Steve Riley | 1 Comments
Filed under false claims, security myths, things that make me laugh
Security myths and passwords: I like this a lot. http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and Read More...
Posted 30 April 06 09:07 by Steve Riley | 3 Comments
Filed under identity, authentication, security policies, passwords, security myths
New site at the top of my favorites list: You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor -- and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived Read More...
Posted 16 November 05 01:46 by Steve Riley | 4 Comments
Filed under false claims, security theater, things that make me angry, security myths, things that make me laugh
The Internet routes around outages -- and censorship, too: Have you seen this yet? " Grokster ruling begins the good fight " If you haven't, it's worth your time to read -- it's a terrible shibboleth for a U.S. "national firewall." Coursey is promoting the idea that all U.S. Internet access should pass through Read More...
Posted 27 September 05 02:28 by Steve Riley | 3 Comments
Filed under false claims, security theater, things that make me angry, security myths, public policy
Airport security silliness: So today (Thursday 21 July 2005) I flew from Seattle to Dallas for a customer meeting. Since it's a short one-day affair, I packed my small carry-on size suitcase. In it was a pair of shoes, one pants, one shorts, two shirts, a toiletry bag, and my collection Read More...
Posted 21 July 05 08:23 by Steve Riley | 5 Comments
Filed under security theater, risk mitigation, things that make me angry, security myths, security science, public policy, aviation security
New column - debunking security myths: There is a lot at stake in security configuration guidance. First, it is easy to understand why people are clamoring for it. Everyone can see the benefit in turning on some setting and blocking an attack. In some environments, doing so is not even an Read More...
Posted 12 April 05 12:58 by Steve Riley | 0 Comments
Filed under false claims, security theater, risk mitigation, security myths, security science, things that make me laugh