Keysweeper – Microsoft Wireless Keyboard Sniffing

Its kind of funny when I read The Drudge Report links related to Information Security. Today, he links to a VultureBeat article on KeySweeper. Keysweeper is a project, standing on the shoulders of other work, to create what appears to be a USB wall charger, but is actually logging keystrokes from nearby Microsoft wireless keyboards. …

Continue reading ‘Keysweeper – Microsoft Wireless Keyboard Sniffing’ »

Windows 8 Group Policy to prevent Dual Home

After years of refusing customers demands to be able to block wireless connections when on a wired network, Microsoft has finally relented in Windows 8. A blog post by Tal Sarid, a Microsoft Consultant, Windows 8 has new policy to prevent users from being connected to your corporate network and an external wireless network–and vise versa! …

Continue reading ‘Windows 8 Group Policy to prevent Dual Home’ »

Death to RSA keys under 1024 bits

Tomorrow Microsoft will release update 2661254 to block keys that are less than 1024 bits. Microsoft has mentioned this since June and I covered it in one of the podcasts.  Bit strength of less than 1024 is considered insecure because it is feasible to derive the private key quickly enough to be worthwhile.   Current best practice …

Continue reading ‘Death to RSA keys under 1024 bits’ »

Microsoft on disabling wireless cards

I think it is important to disable wireless cards in laptops when a wired connection is present.   Microsoft doesn’t.   Steve Riley wrote about this back in October 2008.   I blogged about that then.   Now in a post signed by David Pracht but posted under MichaelPlatts’ userid, the Microsoft Enterprise Networking Team argues that it is no big deal to …

Continue reading ‘Microsoft on disabling wireless cards’ »

Windows 8 Patch Reboot Policy

I’m kind of confused by the headlines that Microsoft is streamlining the security update process in Windows 8 resulting in less reboots. One could easily conclude from the headline that Microsoft has gone to work to make it less necessary to reboot when updates are applied.   Instead they are saving up reboots until patch Tuesday. It …

Continue reading ‘Windows 8 Patch Reboot Policy’ »

Who would have thought that could end badly

The Federal Desktop Core Configuration blog (actually Microsoft’s USGCB Tech Blog, my Google Reader hasn’t updated the blog title) has a post on the risks of enabling “Initialize and script ActiveX controls not marked as safe” in any Internet Explorer security zone. Prior to Windows 7, our IE security policy was the wild west.    “Do whatever …

Continue reading ‘Who would have thought that could end badly’ »

Patch Tuesday

Mozilla took mercy on us and wont have their previously announced updates for Firefox and Thunderbird ready until next week. Adobe took up the slack by releasing updates for Adobe Flash and Shockwave in addition to the previously announced updates for Adobe Acrobat and Reader.    I was wondering about an Adobe AIR update.   Seems like …

Continue reading ‘Patch Tuesday’ »