Larry Seltzer

Personally, I never understood what got people so excited about Barack Obama. But back in 2008 people were positively gooey about him, and one of the lesser reasons was "cybersecurity". Obama "got it". He understood the deadly seriousness of this business.

In July, 2008 then-Senator Obama told a gathering at Purdue University: "As President, I'll make cybersecurity the top priority that it should be in the 21st century. I'll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Advisor who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information - from the networks that power the federal government, to the networks that you use in your personal lives".

Continue reading →

Are our computers too smart for our own good? That's the question I'm asking myself after reading Charlie Miller's "Battery Firmware Hacking" paper. Miller showed how you can write programs to render an expensive notebook battery worthless. You might even be able to blow one up.

How could this be? What design error in the system made it possible? None. Miller wrote programs based on published documentation for chips conforming to a popular standard. But there is one key mistake by Apple that makes the whole thing a lot worse.

Continue reading →

Would you like to take advantage of Google's worldwide network of fast proxy servers, not to mention their coding expertise? Now you can, and for free, just by signing up for a service of theirs.

Two years ago Google released the Page Speed Browser Extensions for Chrome and Firefox. These gave web developers performance analysis on their pages to help them optimize their sites based on a set of best practices developed by Google.

Continue reading →

Windows Phone 7.5, code-named 'Mango', has been released to manufacturing according to a blog entry by Microsoft's Terry Myerson, Corporate Vice President, Windows Phone Engineering.

Continue reading →

The premier event on the software vulnerability research calendar is the Pwnie Awards ceremony (it's pronounced "pony"). The 2011 nominees include critical vulnerabilities in Microsoft ASP.NET, iOS, Google Chrome, Java, the Linux kernel, and an award for special achievement in insecurity to Sony.

Read the nominations page for the full list. Here are my selections:

Continue reading →

Adobe and Apple used to be partners, with the maker of Photoshop being one of the biggest third-party Mac developers. Then Apple started releasing digital products that competed with its partner, and CEO Steve Jobs came out against Adobe Flash.

Now the companies have quite the overlap in their customer bases and there's still a lot there, but Apple is doing its best to stop that.

Continue reading →

There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web.

I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news.

Continue reading →

Perhaps stung by the reaction to recent statements and actions, Mozilla has announced that they are taking the old Mozilla Enterprise Working Group out of virtual mothballs.

The MEWG is a forum where Mozilla developers can interact with Enterprise IT and developers to discuss their needs and experiences with Mozilla software. It is supposed to include a monthly conference call in addition to online forums, but there hasn't been a meeting in almost 4 years.

Continue reading →

When things go wrong with your Windows PC, or someone else's, you don't want to fish around or Google for the appropriate tool. Have it right there when you need it, and you'll feel clever for it.

I usually carry a key ring of USB thumb drives with me with a variety of tools on them. Yes, some people laugh at me for it, but they turn out to be handy more often than you'd think.

Continue reading →

I stopped following the spam problem in detail a while ago, but assumed that China was a major source of the stuff.

It just sort of seems like it would be, but it turns out this is no longer the case.

Continue reading →

Everyone, led by Vice President Whatshisname, wants to use their iPhone on the corporate network. Don't IT security people have enough problems? But the onslaught of unsecurable consumer devices in the enterprise is probably unstoppable.

A new study by IDC sponsored by Unisys looks at the problem of consumer devices invading the enterprise. The authors of the study come out of it upbeat, but it scares the bejeezus out of me. Put simply, these devices -- by which I basically mean those running iOS or Android -- were not designed to be secure and manageable. There are efforts to make them secure and manageable, but these are, generously-construed, version 1.0 efforts. It's obvious to me that these devices will create many severe security problems for enterprises, but the forces of consumerization cannot be stopped. Too many people want to use them, security be damned. Even the White House got them.

Continue reading →

Many of the worst problems on the Internet are probably unsolvable, at least as a practical matter. One of the favorite models to imagine our way out of this ordeal is to start over with a new and more "secure" Internet. Sadly, this is an even less practical idea than fixing the one we have.

The latest to dare to imagine this dream is U.S. Cyber Command chief Gen. Keith Alexander who wants a ".secure" network for critical infrastructure: ".secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. Network operators in the financial sector, for example, would be authorized to scan account holders' traffic content for signs of trouble. The current Internet setup would remain intact for people who prefer to stay anonymous on the Web".

Continue reading →

A personal experience of mine makes me wonder about Google Apps and Google's ability to support it properly. I try to minimize complaining about my own vendors, but this incident was handled badly.

I had to pull rank to get an answer.

Continue reading →

Confirming rumors that have circulated for months, Verizon Wireless says that Thursday, July 7 it will no longer offer an unlimited data plan for smartphones according to a report in FierceWireless.

The new plans will have 4 options:

Continue reading →

Chinese authorities in the southwest city of Chongqing are working with a group of Western companies, including Cisco Systems, to build a surveillance network of as many as 500,000 cameras over an area of 400 square miles, Wall Street Journal reports today.

What comes to mind at first is the use of such a network, including servers and software for the police to monitor them, to control political dissent. But surveillance systems can be used for legitimate purposes as well, even by police. Some are used for traffic control and monitoring, some for crime fighting and prevention.

Continue reading →