Next to cyberattacks, well-meaning insiders pose greatest security risk
Businesses are concerned about security, but which concerns are the biggest, and what are their strategies? Symantec explores these questions in its 2011 State of Security Survey.
Symantec commissioned Applied Research to conduct the survey in April and May of 2011. Thirty-three hundred organizations worldwide, across a range of industries and ranging in size from 5 employees to many thousands, were surveyed. Sixty-five percent of the organizations had 500 or more employees, weighting the survey heavily towards large organizations in terms of total seats.
Windows XP was two products worth of development
Fourth in a series. I remember something from the Windows XP rollout in New York City. At the Marriott Marquis in Times Square, Gateway gave out these. Mo-o-o-o-o.
I recall that it was common to criticize XP early on as being a minor update to Windows 2000, as in Windows 2000.1. There may have been something to that, but the operating system developed into much more.
Chinese government documentary shows attacks against US sites
It was probably a slip-up and appears to have been taken down, but a Chinese documentary on cyber-warfare shows attacks being performed against US-based Internet properties of Falun Gong and other organizations banned in China. Thanks to F-Secure for passing this on, although they appear to have picked it up from the Epoch Times.
The video was entitled "Military Technology: Internet Storm is Coming" and was published on the Government-run TV channel CCTV 7, Military and Agriculture (at military.cntv.cn). According to F-Secure the specific URL was:
Network admins stunned and reeling from repeated Firefox upgrades
What, another major Firefox release? Tuesday will see the release of Firefox 6.0, eight weeks after the release of 5.0 and less than 5 months after the release of 4.0, which they have already end-of-lifed.
It's all Google's fault. Version 1 of Chrome was released on December 11, 2008. Here we are, less than 1,000 days later, with version 13 as the stable release. Of course, Mozilla is the descendant of Netscape, which invented the idea of releasing products formally designated as beta, which Google extended to having some products never leave beta. Together the two have taken any meaning out of version numbers.
I want my Windows Update Rollup!
When you set up a new Windows system, especially an XP system, you may be faced with a titanic load of updates to apply to it in order to bring it up to date. If you don't have a loaded-up WSUS server or similar system this means pulling potentially hundreds of megabytes over your Internet connection, and multiple reboots. Microsoft could make it a lot easier.
F-Secure just brought this up by asking for an "update rollup" for Windows XP SP3. A perfectly reasonable request if ever there were one. When they set up a minimal install of XP SP3 (e.g. no calc.exe) in a VM they have to apply 157 updates after SP3. As they point out, SP3 itself was basically just an update rollup. So why doesn't Microsoft do more?
Microsoft offers quarter-million in prizes to improve Windows security
If the security of your system depends on users making intelligent security decisions then you're basically doomed. After all these years of experience with end users on the Internet we know that they can't be trusted to make those decisions correctly. At least not often enough.
That's why the best security technologies are the ones that happen in spite of the user. These have been a focus for Microsoft over the last 10 years and remain the last, best hope of userdom.
Why is Amazon supporting a proposed federal sales tax law?
Amazon can't keep running away from states that require sales tax collection. Even they are now supporting a Democratic proposal to create an interstate agreement for standardized and simplified collection of taxes. Everyone's a winner except for those of you who have not been paying the use tax you're supposed to pay. It's a good and fair idea and it has no chance whatsoever of passage.
The remote buyer sales tax problem is an old one going back to the days of mail order and catalogs. The Internet has made it worse for states because the volume is so much greater, but the nature of the problem hasn't really changed. In that sense, the established court precedents might seem to close the books on the case.
Foxconn to replace troublesome human beings with robots
According to Xinhuanet (the official Chinese news agency) "Taiwanese technology giant Foxconn will replace some of its workers with 1 million robots in three years to cut rising labor expenses and improve efficiency, said Terry Gou, founder and chairman of the company, late Friday".
This is an old story and you could see it coming for Foxconn. A few months ago when I talked about the problem of labor conditions at Foxconn, where products for Apple, Sony, Nokia and others are made, I suggested that a need to improve labor conditions might end up with a lot of jobs being eliminated. This seems to be the case.
Is Mac malware dead or just resting?
Bigfoot, the Loch Ness Monster, aliens with anal probes, and Mac malware: long-rumored, but short on confirmed sightings. Until recently.
In May we had our first genuine Mac malware outbreak with Mac Guard a.k.a. MacDefender and a bunch of other names. It followed the tried-and-true Windows malware method of fake anti-malware software. Once installed, it caused a lot of problems and then demanded money to solve them. Apple created a signature check system that can't really work in the long run, but within a few weeks the attacks ran their course. They weren't followed up, at least not in a big way.
This is leadership? US cybersecurity is a revolving door of exiting officials
Personally, I never understood what got people so excited about Barack Obama. But back in 2008 people were positively gooey about him, and one of the lesser reasons was "cybersecurity". Obama "got it". He understood the deadly seriousness of this business.
In July, 2008 then-Senator Obama told a gathering at Purdue University: "As President, I'll make cybersecurity the top priority that it should be in the 21st century. I'll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Advisor who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information - from the networks that power the federal government, to the networks that you use in your personal lives".
Apple left default passwords in batteries, making them vulnerable to hacks, explosion
Are our computers too smart for our own good? That's the question I'm asking myself after reading Charlie Miller's "Battery Firmware Hacking" paper. Miller showed how you can write programs to render an expensive notebook battery worthless. You might even be able to blow one up.
How could this be? What design error in the system made it possible? None. Miller wrote programs based on published documentation for chips conforming to a popular standard. But there is one key mistake by Apple that makes the whole thing a lot worse.
Rev up your websites for free with Google Page Speed Service
Would you like to take advantage of Google's worldwide network of fast proxy servers, not to mention their coding expertise? Now you can, and for free, just by signing up for a service of theirs.
Two years ago Google released the Page Speed Browser Extensions for Chrome and Firefox. These gave web developers performance analysis on their pages to help them optimize their sites based on a set of best practices developed by Google.
Windows Phone 'Mango' released to manufacturing
Windows Phone 7.5, code-named 'Mango', has been released to manufacturing according to a blog entry by Microsoft's Terry Myerson, Corporate Vice President, Windows Phone Engineering.
The 2011 Pwnie nominations are in!
The premier event on the software vulnerability research calendar is the Pwnie Awards ceremony (it's pronounced "pony"). The 2011 nominees include critical vulnerabilities in Microsoft ASP.NET, iOS, Google Chrome, Java, the Linux kernel, and an award for special achievement in insecurity to Sony.
Read the nominations page for the full list. Here are my selections:
Apple launches new offensive in war on Adobe
Adobe and Apple used to be partners, with the maker of Photoshop being one of the biggest third-party Mac developers. Then Apple started releasing digital products that competed with its partner, and CEO Steve Jobs came out against Adobe Flash.
Now the companies have quite the overlap in their customer bases and there's still a lot there, but Apple is doing its best to stop that.