All Tags » General Security » Programmer Hubris (RSS)

My MP3 player demands to administer my system

Thanks to the excellent http://www.woot.com, I upgraded to a new MP3 player - this one, the Sansa e250 from SanDisk, has a little screen and shows video at an almost completely unacceptably small resolution. But I don't mind that, I didn't really...

Searching for Weak Debian / Ubuntu SSL Certificates

I've seen a number of people promote packages that have shipped for Debian and Ubuntu, which allow users to scan their collected keys - OpenSSH or OpenSSL or OpenVPN, to discover whether they're too weak to be of any functional use. [See my earlier...

Debian and the OpenSSL PRNG

[PRNG is an abbreviation for "Pseudo-Random Number Generator", a key core component of the key-generation in any cryptographic library.] A few people have already commented on the issue itself - Debian issued, in 2006, a version of their Linux...

Apple Changes Update Policies - Still No Biscuit

As I have mentioned in other posts (Retro-bundling - another suck of the Apple, MacBook Air debuts; iTunes Pesters Me Again, Removing Apple Mobile Device Support, I didn't want iTunes - now I've got iPod, too?, etc, etc), this has long since...

Think like a bad guy? It's a start.

Cool new site (and blog) from Microsoft - http://securedeveloper.com - and it has a tag line I've heard many times before: Like that old maxim that "you need to stop fighting fires long enough to tell the architects to stop building things out...

CS-RCS Pro on Vista

I've been trying back and forth to get CS-RCS Pro, a version control suite, to work on Windows Vista. I like CS-RCS Pro for a number of reasons: Files stored in CS-RCS Pro are kept in a simple format, open and well-documented. As a result, if I ever...

Removing Apple Mobile Device Support

As mentioned before, I'm not a fan of Apple's, particularly because they tend to impose crap on me that I'm not interested in having. I've been trying to figure out how to remove iTunes, iPod and Apple Mobile Device Support on and off...

I didn't want iTunes - now I've got iPod, too?

So, in my last post "Can the EU get me QuickTime N?", I noted that my installation of QuickTime (because I had a .MOV file I want to see) led to Apple Software Update offering me "iTunes + QuickTime 7.5", despite my removing iTunes...

Can the EU get me QuickTime N?

So, a long time ago, in a continent not so far away, the European Union required Microsoft to ship a version of Windows without Media Player, called Windows XP N. Now, here's a follow-up to my previous articles: Programmer Hubris Part 1 - He's...

Why is DR and process documentation so bad?

Given stories of people who have failed DR tests because they fail to document the processes that are required to recover systems, it's clear that the missing link is documentation and process. Why are systems so poorly documented? I see two reasons...
Posted by Alun Jones | with no comments

DRM should always be a choice

Jesper's recent frustration with a bug in the DRM support on his Windows Media Center Edition (MCE) system demonstrates a couple of basic truths in system reliability: Complexity negatively impacts reliability. DRM contributes to complexity. Clearly...

Why complain about UAC prompts?

Jesper's article in TechNet Magazine on the purpose and future of UAC in Windows Vista and beyond reminded me that there's a whole slew of behaviours more annoying than UAC's prompting (which, as Jesper points out, is only the most visible...

firefoxURL:%03

Part 3 - and I promise that's the lot for now, because it's starting to look like I'm obsessed or something. Over the past week or so, you've read me talking about vulnerabilities in Firefox's protocol handlers, and how my perception...

FirefoxURL - potshots part deux

I've been encouraged to collect together some comments that I've made over on other people's blogs about the firefoxurl: vulnerability. First, I do have to note with a little embarrassing schadenfreude that Mozilla's Window Snyder, Chief...

firefoxurl: URL vulnerability

Heard about the firefoxurl vulnerability? It turns out that you can exploit Firefox by having Internet Explorer visit a link to a URL that starts with "firefoxurl:" (and a bunch of other code). [Assuming you have Firefox on your computer along...

Aitel's "Immunity" keeps bugs alive?

A couple of telling paragraphs from a story on Justine Aitel, CEO of Immunity, Inc. (nice to know Dave's keeping it all in the family, just like we do at Texas Imperial Software): Immunity, which buys but does not disclose zero-day bugs, keeps tabs...
Posted by Alun Jones | with no comments

Wireless PC Lock - part 2

Over the last several days, I've been getting more and more requests for my updated Wireless PC Lock software that I described way back last year. Possibly, it's because of stories like this one: At New York-based Big Four accounting firm Ernst...

Vista incompatibility isn't always Vista

In fact, it is very rarely Vista, from the problems I've seen. Sure, there are some programs that rely on features and functionality that has been removed from Vista - but by and large, that functionality was already documented by Microsoft as being...

Alternate Data Streams in Windows Vista

Windows NT 3.1 was released ... oh, back in the early to mid '90s. Ever since then, I've been aware that it supported Alternate Data Streams, also known as ADS, or in some technical documents that didn't make it to final review, Alternative...

Don't catch exceptions

A long time ago, the developer of a competing product to my own WFTPD Pro decided that he was going to do something about GPFs in his software. He released a new version, and declared that you would never see another GPF from his software. How did he...