John Girard (a coworker) sent me this.
I sometimes criticize vendors for bad practices. This is the opposite- taking customer service well beyond the customer’s expectations *[Email:]: Email *[Twitter:]: Twitter *[Phone:]: Phone
Arthur over at Emergent Chaos posted an amusing story on an organization’s reason for switching to Macs.
It’s security. Just not necessarily what we mean when we say Macs are more secure.
A little birdie pointed me to the latest post over at the Metasploit blog.
For those of you that don’t know, Metasploit is the best thing to hit penetration testing since sliced bread. To oversimplify, it’s a framework for connecting vulnerability exploits to payloads. Before Metasploit it was a real pain to convert a new vulnerability into an actual exploit. You had to figure out how to trigger the vulnerability, figure out what you could actually do once you took advantage of the…
Before I delve into this topic I’d like to remind readers that I’m a Mac user and Apple fan. We are a 2 person, 2 Mac, 3 iPod, 2 Airport Express household, with another Mac in the plans this spring. By the same token I don’t think Microsoft is evil and consider some of their products to be quite good. That said I prefer OS X and have no plans to switch to Vista, although I’ll probably run it in a virtual machine on my Mac.
I’ve noticed a marked decrease in the customer service from my phishers. Lately spam messages have been originating from “On-line Bank” and other generic addresses. Spelling mistakes are returning, and links no longer even pretend to go to a real bank’s site.
Stiennon covered the McAfee/Onigma deal over at Threat Chaos this weekend. Although I knew about the deal I try and avoid vendor/industry coverage here at Securosis, and, to be honest, it really isn’t worth covering. (Onigma is tiny and agent based, not really the direction the market is heading, and by the time McAfee integrates the tech they’ll be WAY behind the ball).
Microsoft is making key changes to Vista to avoid antirust problems.
They’re adding an API to PatchGuard, and loosening control on the Security Center.
Shimel has a good post on the whole 0day vulnerability thing.
He nails it. This has been a pet peeve of mine for a long time. A real 0day isn’t the time from when a vulnerability is announced until a patch is released.
While I was out running around the country, turns out there was an interesting security article in my own backyard.
Seems the local school system can’t keep up with those innovative students exploring their network. A students was caught after hacking a teacher’s computer to steal a copy of an upcoming test.
I picked up the ever-ubiquitous USA Today sitting in front of my hotel room door this morning and noticed an interesting article by Jon Swartz and Byron Acohido on cybercrime markets. (Full disclosure, I’ve served as a source for Jon in the past in other security articles). Stiennon over at Threat Chaos is also writing on it, as are a few others. About 2-3 years ago I started talking about the transition from experimentation to true cybercrime. It’s just one of those unfortunate natural…