Archive for May, 2005

Netscape 8: More Security Choices

Sunday, May 29th, 2005

The front page at browser.netscape.com proudly announces:
“The All New Netscape Browser 8.0
Speed, Flexibility and More Security Choices Than Any Other Browser”
Speed: Good.
Flexibility: Good.
More Security Choices Than Any Other Browser: What ninny decided this was a positive feature?

Microsoft’s Folly

Thursday, May 26th, 2005

Adam Shostack mentioned the previous post (Hi, Adam!) and noted that Microsoft is “aggressively promoting” the myth that software is unconstrainable.  The first of their so-called Ten Immutable Laws of Security says
“Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.”
Totally false.

Zaptastic Author Misses the Point

Thursday, May 19th, 2005

It’s nice how The Internets have a way of offering me real-life examples, like a cat leaving a dead bird on the doormat, only moments after i’ve been talking about something.  Thank you, Internets.
Recently, to demonstrate a security problem in the new Dashboard feature in Mac OS 10.4, Stephan Meyers created a “slightly evil” [...]

Security Carnival

Monday, May 16th, 2005

“The Armed Butler” is featured in the first Security Carnival, by Kyle Maxwell.  Check it out for links to other interesting articles related to security.

The Armed Butler

Thursday, May 12th, 2005

Read a typical news article about computer security and you will see words like “attack” and “defend.” People speak of software being “strengthened” or “hardened” as though it were some kind of physical substance.  That might cause one to envision cannonballs smashing into the high walls of a fortress, where the only hope [...]

Dangerous Analogies

Wednesday, May 11th, 2005

Argument by analogy is common in discussions of computer security.  It’s often a useful way to reason about things, but sometimes an analogy can mislead you.  I think a large class of misunderstandings about computer security are due to recurring problems in drawing analogies between what goes on in a computer and what [...]