Gmail’s State Sponsored Attack Warning

This week, after logging into my Gmail, I was greeted by the message below. “Warning: We believe state-sponsored attackers may be attempting to compromise your account.” In June, Google announced plans for this sort of attack. At that time, I expected these alerts to be seen by Tibetans targeted by China. It’s not the …


Dr. Johannes Ullrich and the Principle of Least Privilege

In an article posted this afternoon at Forbes, Dr. Ullrich compares network professionals who disable unneeded features with slumlords. He starts comparing a Bible for Section 8 landlords with network security. For those who don’t know, Section 8 housing is housing for the poor that is government subsidized. So, I guess he is also comparing users to …


Get your Java While It’s Hot

Oracle released Java JRE 1.7 update 7 and 1.6 update 35 today, patching critical security holes. Most security professionals recommended disabling Java or removing it while waiting for this update. So if you’ve ignored that advice, you need to upgrade as soon as possible.

Yet another Flash Update

Fresh from a Flash security update released on Patch Tuesday, yesterday Adobe released another security update for Flash. The security bulletin is here. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”


correcthorsebatterystaple

Via Sophos (and they found it via reddit): if you try to set your password to “correcthorsebatterystaple” at Dropbox, you’ll be advised that you shouldn’t take password advice quite so literally. See the Sophos link for screenshots. XKCD had a cartoon about passphrase generation. I recall at the time predictions that people would …


Disclaimers

I’m doing an eval with a cloud-based web security product. This disclaimer in the click-through agreement caught my eye. [vendor] cannot and does not guaranty the privacy, security, integrity or authenticity of any information transmitted over or stored in any system connected to or accessible via the Internet, or otherwise, or that any security …