MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Sign in
|
Help
Home
Blogs
Media
Groups
February 2007 - Xato
Xato
Home
Syndication
RSS for Posts
Atom
RSS for Comments
Email Notifications
Go
Recent Posts
A CAPTCHA Nightmare
So many Windows to break
10 Ways to add to my paranoia
There’s always a good analogy in an old lady driving down the road dragging a mattress
Why I miss hacking
Tags
accusations
Application Security
CAPTCHA
computer+security
Cryptography
exploits
fbi
feds
General
hackers
Hacking
Hardening
Malware
NTFS
Passwords
Patch Management
Privacy
security
Security Policy
Tools
Virtual Machines
Vista
war on terror
Windows File Protection
Windows Security
View more
Archives
May 2008 (1)
April 2008 (1)
February 2008 (6)
January 2008 (4)
December 2007 (4)
November 2007 (1)
September 2007 (1)
August 2007 (4)
May 2007 (8)
April 2007 (2)
March 2007 (8)
February 2007 (17)
January 2007 (9)
December 2006 (5)
October 2006 (3)
September 2006 (3)
March 2006 (1)
Sort by:
Most Recent
|
Most Viewed
|
Most Commented
Why Symantec Cannot Always be Trusted
Ok, this issue started with an article by Symantec titled “An Example of Why UAC Prompts in Vista Can’t Always Be Trusted.” After that, Thor (Hammer of God) posted his opinion on Bugtraq, which prompted a few other responses. So I decided...
Published
Tue, Feb 27 2007 9:49 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Malware
Really, Vista Security Isn’t Lame
Recently a friend was complaining to me about the “screen flickering” that occurs whenever a User Account Control (UAC) prompt comes up in Vista and he wanted to know how to turn it off—not UAC, just the dimming and flickering effects. He...
Published
Sun, Feb 25 2007 4:25 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Hardening
,
Malware
,
NTFS
,
Uncategorized
,
Windows File Protection
Is UAC a Fence That Falls Short?
When I was a teenager in California there was private oil pier near Rincon that we liked to jump off. It was great—you’d throw your surf board off first so there was no backing out, because it was scary looking down at the dark green ocean so far below...
Published
Mon, Feb 19 2007 1:50 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Hardening
,
Malware
More on Program.exe
I thought I would add a bit more to my original post to clarify the problem. Half of the problem is the way Windows searches paths, and the other half is software developers who don’t quote their paths in the Registry or when calling CreateProcess...
Published
Sat, Feb 17 2007 6:57 PM
by
MBs Windows Security
Filed under:
Hardening
,
Malware
The Program.exe Problem
A couple years ago I mentioned in a SecurityFocus column that Windows has a problem when you put a file named “program.exe” in the system root directory. The problem is basically in how it deals with spaces in paths that don’t have quotes...
Published
Sat, Feb 17 2007 1:30 PM
by
MBs Windows Security
Filed under:
Hardening
,
Malware
,
Application Security
,
Tools
Be Smarter with Account Names
One thing that bothers me about many web sites out there is how I get to (or don’t get to) choose my account name. Sure, many web sites let you have any account name you want, but some web sites just want to use your e-mail address. While this is...
Published
Thu, Feb 15 2007 7:28 PM
by
MBs Windows Security
Filed under:
Application Security
Patterns & Practices Security Wiki
If you do any kind of .NET web development, it would be well worth your time to dig through Microsoft’s Patterns & Practices Security Wiki The Wiki is a good index of old articles and a launching point for new articles on secure web development...
Published
Thu, Feb 15 2007 5:36 PM
by
MBs Windows Security
Filed under:
Application Security
Why my password’s better than Y0ur P@$$word
http://www.nurs.co.uk/news/specials/cms/1171535504212694732419_1.htm Read More...
Published
Thu, Feb 15 2007 1:00 PM
by
MBs Windows Security
Filed under:
Passwords
Creating Free 3rd Party Certificates
There are many ways you can use digital certificates in Windows. The only problem is that it often involves either having your own CA, paying for certificates from a trusted CA or, the worst option, using self-signed certificates. Fortunately, there is...
Published
Tue, Feb 13 2007 8:45 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Cryptography
Time for a Windows Cleanup
I have always been annoyed with the huge number of files under the Windows directory, but I was very surprised when I looked at my Windows directory under Vista: 39,609 files and 7,411 folders! Read More...
Published
Mon, Feb 12 2007 4:28 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Hardening
,
Windows File Protection
New Passwords Feed
I was playing around with the cool new Yahoo! Pipes site and built myself a feed on password topics. I’m sure I will be tweaking it some as I learn how to use pipes, but I thought I’d pass my pipe around to others who are interested in passwords...
Published
Fri, Feb 09 2007 2:17 PM
by
MBs Windows Security
Filed under:
Passwords
Now it’s Vista’s Firewall’s Fault?
The release of Windows Vista seems to have brought on a tremendous amount of criticism. Of course, CNET has yet another article with an apparent anti-microsoft agenda. The article criticizes the fact that Vista’s firewall does not block outgoing...
Published
Wed, Feb 07 2007 1:02 AM
by
MBs Windows Security
Filed under:
Windows Security
My SSN is showing?
I got an e-mail earlier this week from a financial web site. The e-mail displayed the last 4 digits of my U.S. social security number. Presumably, they didn’t show the entire number for security reasons, but I wondered how secure that really is...
Published
Tue, Feb 06 2007 6:34 PM
by
MBs Windows Security
Filed under:
Privacy
,
Application Security
Don’t buy Vista for the security?!
This absurd article at cnet claims that security experts don’t recommend buying Windows Vista for the security features. The article tries to cast doubt on the effectiveness of new security features in Vista. But I disagree. I think security experts...
Published
Mon, Feb 05 2007 2:13 PM
by
MBs Windows Security
Filed under:
Windows Security
The Application Experience Lookup Service
If you have ever locked down a Windows 2003 or Vista machine you have probably run across the Application Experience Lookup Service, also known as Application Experience or AeLookupSvc. The documentation on this service is pretty vague and sometimes contradictory...
Published
Mon, Feb 05 2007 1:03 PM
by
MBs Windows Security
Filed under:
Hardening
Yet another failed CAPTCHA?
Today I ran across a Firefox add-on that automatically fills out the CAPTCHA form when you log in: https://addons.mozilla.org/firefox/4381/ Although some might think this is convenient, it obviously shows that eBay’s CAPTCHA, like so many others...
Published
Fri, Feb 02 2007 6:02 PM
by
MBs Windows Security
Filed under:
Application Security
Using Filescreens for Server Lockdowns
I recently got a chance to play around with file screens feature in Windows Server 2003 R2 and found it to be very interesting. Although it appears to be designed to provide general content control on a file server, it has some features that allow you...
Published
Thu, Feb 01 2007 6:42 PM
by
MBs Windows Security
Filed under:
Hardening
Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.