Dana Epp - Mirror of his SilverStr Blog
September 2006 - Posts
Michael Howard on Silver Bullet Security Podcast
Friday, September 29, 2006 9:41 PM
So Gary cornered Michael and got him on the latest Silver Bullet Security podcast . Welcome to the club. :) Its got some great little nuggets of information. I loved the point that security is about man vs man, not man vs machine . So true. And if you...
NIST Log Management Guide 800-92 is Final!
Friday, September 29, 2006 8:59 PM
Anton points out that NIST has released SP800-92 (" Guide to Computer Security Log Management" ) in its final form. This is good news. It provides practical, real-world guidance on developing, implementing, and maintaining effective log management practices...
Black Dog: Watch out for his "byte"
Thursday, September 28, 2006 3:39 PM
Found a really kewl embedded Linux device today called Black Dog that powers off of the USB port of a PC. It can then load an Xserver into memory on a Windows machine, and project the output from the Black Dog server to the Windows host. I see some real...
Static code analysis for web apps
Thursday, September 28, 2006 11:48 AM
Over at Security Compass they have released "Securitycompass Web Application Analysis Tool", or SWAAT for short. It is a FREE static code analysis tool that will parse PHP, ASP and JSP files, looking for possible coding defects in the code. I downloaded...
Developing Applications using Windows Authorization Manager
Thursday, September 21, 2006 5:20 PM
Up on MSDN they just published an article that explores techniques for developing with authorization manager, a role-based application framework which provides runtime access validation methods, storage, and a UI to manage access control. Authorization...
Mythbusters: When biometrics fail
Monday, September 18, 2006 6:10 PM
Every watch MythBusters? Its a great show. I quite enjoy it. It's not often that they do something that crosses into my realm though. Of course, recently they DID beat a biometric fingerprint door lock: Biometrics alone is not enough. You need more factors...
Sleuth Kit now has Windows binaries
Tuesday, September 05, 2006 12:05 PM
Oh this is kewl. The OSS project Sleuth Kit now has binaries for Windows . If you don't know, Sleuth Kit is an excellent set of OSS computer forensic tools to help you investigate data on harddisks. My favorite tool is mactime, which lets you build a...
Google developing eavesdropping software
Monday, September 04, 2006 4:05 PM
The Register reports that Google is working on software that can listen to background noise from your TV and deliver contextual advertising based on what you are watching. By converting the sound from you PC microphone into a digital fingerprint to identify...
Where fore art thou NGSCB?
Sunday, September 03, 2006 10:59 PM
A few years back, all the rage was the new advancement in trusted computing, and the "next generation secure computing base" (NGSCB).... Microsoft's software architecture to increase the security and privacy of computer users. As we all know, most of...
Dan Geer on Silver Bullet
Sunday, September 03, 2006 10:59 PM
Just finished listening to the latest Silver Bullet Security Podcast with Gary McGraw over lunch. On the show is none other than Dan Geer, Chief Scientist at Verdasys. This recent podcast is interesting in that Dan and Gary show the disconnect between...
Should Microsoft Forefront work with SBS?
Sunday, September 03, 2006 10:59 PM
With the recent announcement of Microsoft Forefront, I have had a few people now ask if this will be available for SBS. To be honest, I don't know the answer, and I don't believe Microsoft does either. Those pesky SBS devs stay very tight lipped about...
Integrating strong authentication into Microsoft technologies
Sunday, September 03, 2006 10:59 PM
One of the interesting parts of blogging is that when you aren't blogging on a consistant basis, regular readers sometimes check in to see that everything is alright. I appreciate such emails, and just want to say thanks to the people that have asked...
Microsoft Threat Analysis and Modeling Tool v2 reaches RTM
Sunday, September 03, 2006 10:59 PM
I have been using Frank Swiderski's original Threat Modeling tool for some time. If you search for "threat model" on my blog you will see plenty of stuff over the last few years on how Microsoft has matured the whole process, and how I have matured in...
The Six Dumbest Ideas in Computer Security
Sunday, September 03, 2006 10:59 PM
While listening to the latest Silver Bullet Security Podcast with Gary and Marcus Ranum I was reminded about an excellent piece of writing by Marcus on "The Six Dumbest Ideas in Computer Security". When I first read this last year, I remember thinking...
Congrats Mark!
Sunday, September 03, 2006 10:59 PM
Well, well. Congrats to Mark and the gang are in order. Microsoft, please don't kill off Sysinternals. And don't kill Mark either ;)... Read More...
Bribery to get identity integration into more open source software?
Sunday, September 03, 2006 10:59 PM
Now this is interesting. The people over at OpenID are offering a bounty of $5,000 to the first 10 open source applications that meet the following criteria: The open source must be distributed under an OSI approved license Have at least 200,000 users...
New "Silver Bullet Security Podcast" up - An Interview with... me!
Sunday, September 03, 2006 10:59 PM
Nothing like stroking your own ego by listening to yourself on the Internet. Seriously though, I had a lot of fun with Gary McGraw when he interviewed me for his Silver Bullet Security Podcast. You can listen to the interview by going here. After enjoying...
Security Model Analysis of Windows Vista
Sunday, September 03, 2006 10:59 PM
Matthew Conover, a security researcher over at Symantec, has published a new paper on the "Analysis of the Windows Vista Security Model". His paper provides an in-depth technical assessment of the security improvements implemented in Windows Vista, focusing...
A Process for Performing Security Code Reviews
Sunday, September 03, 2006 10:59 PM
So in this month's IEEE Security and Privacy magazine Michael Howard wrote an interesting article on "A Process for Performing Security Code Reviews". It's worth the read. His insights on how to prioritize what code to review first is something I think...
Work around for "Threat Analysis & Modeling v2" tool least privilege install bug
Sunday, September 03, 2006 10:59 PM
So with help from Dan Sellers and Talhah Mir over at Microsoft, I finally figured out and fixed a problem I have been having with Microsoft's latest version of the "Threat Analysis & Modeling v2" tool. It seems that a good portion of the comboboxes in...
More Posts
Next page »
Search
Go
This Blog
Home
Community
Home
Blogs
Media
Groups
Archives
June 2008 (1)
April 2008 (2)
January 2008 (7)
December 2007 (5)
November 2007 (2)
October 2007 (1)
September 2007 (1)
August 2007 (3)
July 2007 (7)
June 2007 (3)
May 2007 (3)
April 2007 (2)
March 2007 (3)
February 2007 (2)
January 2007 (9)
December 2006 (8)
November 2006 (2)
October 2006 (2)
September 2006 (23)
Syndication
RSS for Posts
Atom
RSS for Comments
Email Notifications
Go