Yet another Flash Update

Fresh from a Flash security update released on Patch Tuesday, yesterday Adobe released another security update for Flash. The security bulletin is here. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”


Via Sophos (and they found it via reddit): If you try to set your password to “correcthorsebatterystaple” at Dropbox, you’ll be advised that you shouldn’t take password advice quite so literally. See the Sophos link for screenshots. XKCD had a cartoon about passphrase generation. I recall at the time predictions that people would …

Continue reading ‘correcthorsebatterystaple’ »


I’m doing an eval with a cloud-based web security product. This disclaimer in the click-through agreement caught my eye. [vendor] cannot and does not guaranty the privacy, security, integrity or authenticity of any information transmitted over or stored in any system connected to or accessible via the Internet, or otherwise, or that any security …

Continue reading ‘Disclaimers’ »

An Early Employee Looks Back at Facebook

Katherine Losse was employee 51 at Facebook. She rose from a position as an early customer service rep to become ghostwriter on Zuckerberg’s blog. Disenchanted with the amount of information gathered on users, and also the influence Facebook has on personal communication, Losse left Facebook and wrote a book, “The Boy Kings: A Journey Into the Heart of the …

Continue reading ‘An Early Employee Looks Back at Facebook’ »

Dropbox Spam

The Dropbox blog reports that some accounts on their system were compromised using credentials found in other password breaches. Lesson 1: When you run a big public service, your security team may want to find lists of stolen accounts. Either cracking hashes themselves or being plugged in with those that do. But at the very least …

Continue reading ‘Dropbox Spam’ »


I get frustrated when I’m at other websites and they have commenting systems that only allow comments from authenticated users. I was over at another website, and they had a Microsoft-bashing headline that didn’t match the article. I figured it was worth a comment, but my choices were Twitter, Facebook, Google+ and Discuss. Facebook gives …

Continue reading ‘Comments’ »