Geeks With Blogs
ex-blog Information security world
Sorry for the lack of posts last month. I was really busy at work with different projects (PKI, SC, security reviews) and tried to learn new CBK domains at home, so I basically didn't have time to blog at all. Again, sorry. Today I had a CISSP exam (you know - 6 hours is hard ;-) after a week of CBK review seminars (by Dennis Griffin) with some of Microsoft ......

I just found that I've missed a great blog by Steve Patrick (from Critical Problem Resolution team) with invaluable information on SmartCard deployment, so begin with this post - So, you want to use smart cards?. Thanks for sharing this information, Steve! [subscribed] ......

Well, it didn't take long after the SecureWorks/LURHQ and IBM/ISS deals: British Telecom acquires Counterpane.

The Active Directory Certificate Server Enhancements (aka Windows PKI) in Windows Server "Longhorn" guide by Carsten Kinder, with the help of PKI PMs, was finally released to the web. This comprehensive document contains information about new PKI features in Windows Server "Longhorn" such as: Cryptography API: Next Generation (aka CNG) support in CAs to provide crypto ......

FYI - Niels Ferguson posted a link to a document with details about the cryptographic algorithm that is used in BitLocker (AES-CBC with a specialized diffuser that improves the security against manipulation attacks) at the System Integrity team blog ......

The Matasano blog has a good description of Daniel Bleichenbacher's attack on RSA signature implementations that may, under some common circumstances, break SSL/TLS.

A joint architecture for Microsoft Network Access Protection (NAP) and Cisco Network Admission Control (NAC) interoperability was officially announced at the Security Standard conference in Boston. More information is available in the Cisco Network Admission Control and Microsoft Network Access Protection Interoperability Architecture whitepaper and the NAP team blog ......

It's a known fact that one of the weakest links in current security systems is people, and last week a very interesting paper was released as part of the Midsize Business Security Guidance - How to Protect Insiders from Social Engineering Threats ......

I've missed the fact that Kevin Lam from the ACE (Application Consulting & Engineering) Team (author of the very interesting Assessing Network Security book about penetration testing) is now blogging - subscribed ......

According to Mark's blog post, Microsoft has acquired Winternals and Sysinternals: developers of great troubleshooting and management tools such as Recovery Manager, Protection Manager and ERD Commander (part of Administrator Pack), the free Autoruns/Process Explorer/Rootkit Revealer, and many others that are included in my must-have utilities list. ......

Michael Howard posted a link to the lecture materials from University of Washington's cryptography class. And you should pay attention to the lecturers list: Brian LaMacchia (ex-security architect for the .NET Framework and Common Language Runtime); Josh Benaloh (senior cryptographer in Microsoft Research); John Manferdelli (Distinguished Engineer, worked ......

26 Mar 06
Well, it's time to announce some changes in my professional life: Ch-ch-Changes / Just gonna have to be a different man / Time may change me / But I can't trace time [by David Bowie] So, I've taken a red pill (it's just our way of saying "we've taken a job at Microsoft." ;-) and now I'm working with great people in Microsoft Consulting Services Russia team and ......

Last month Rafal Lukawiecki (Project Botticelli Ltd) gave a very good presentation about 'Identification and access management in heterogeneous enterprise networks' at the Moscow Microsoft office (the program in Russian is available here). The overview and comparison of Microsoft identity management technologies (MIIS, ADFS) was the most interesting part of this ......

Larry Osterman posted an interesting discussion about checking parameters in components - Should I check the parameters to my function?. Currently I'm using the school one approach (always check incoming data with IsBadXXXPtr), but: The way you check for bad pointers on Win32 is by calling the IsBadReadPtr and IsBadWritePtr API. Michael Howard calls these ......

Better late than never. I spent this New Year and Russian Orthodox Christmas on the beautiful island of Sri Lanka (Ceylon). Some photos from this trip are posted on my Flickr account. The weather was really great (but unusually rainy for this time of year on the south-west side of the island) - especially if you compare it with Moscow weather in January (60 degrees ......

Yep, I knew that I forgot something - David Cross announced on the public.security.crypto newsgroup the release of the Smart Card Base Cryptographic Service Provider as a free download (also available via Windows Update): Writing a Smart Card CSP has not been trivial. This has been addressed by splitting the CSP architecture to a Base CSP and Card Module architecture. ......

Well, the period of silence on this blog has ended. Unfortunately I couldn't post for the last three months for many reasons and I'm sorry for it :(( In this post I'll try to summarize what interesting things happened in security from my point of view (actually Valery already mentioned most of them in his blog): Peter Gutmann updated his “Godzilla crypto ......

For poor souls like me (who could not attend PDC this year ;-) - at least we can check the PDC2005 slide decks [via Sam Gentile]. I'm interested in “Scrubbing Source Code for Common Coding Mistakes (FxCop and PreFast)”, “Building IPv6, Firewall, and IPsec Aware Applications” and especially “Understanding, Enhancing, and Extending ......

12 Aug 05
Valery shared that wonderful quote from Network Security: Private Communication in a Public World last week: Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute ......

As I posted recently, the Protect Your Windows Network book by Steve Riley and Jesper M. Johansson is available for pre-ordering. Both Michael Howard and Steve Riley posted updated information about the preorder (with promo code ;-) Also, yesterday I accidentally found a new book by Michael, David LeBlanc AND John Viega - 19 Deadly Sins of Software Security due ......

Copyright © John Doe