What is a Vulnerability?

In discussions and meetings with other information security professionals, I hear a lot of misinformation. I’m a geek and like to be more precise, rather than less.  The use of the term vulnerability is a special pet-peeve of mine.  The core of information assurance is making sure you don’t have serious vulnerabilities. So, what exactly […]
Read More ›

Encrypt Early, Encrypt Often

My last post was about malicious update notices that pop up when using public network connections. I advised checking digital signatures on the updates. I want to add to that and expand a bit on public communication channels and storage. First, when you use a public network, wired or wireless, your data may not be […]
Read More ›

Bypassing User Activation Controls

My last blog about User Activation Controls suggested that they were of little help, even when they work.  After all, user data (your documents, spreadsheets and such) are the most valuable things you have.  Now, we’ll just trash UAC by bypassing it.  We’ll do this by relying on a flaw:  Microsoft loves itself. Remember, UAC […]
Read More ›

Move to The Cloud and Forget Your Passwords!

Wait, what? That isn’t like moving to Minnesota and then losing your mittens. Instead, move to Miami and never need mittens! Face it, passwords are pretty useless. If a human selected it, another human has a good chance of guessing what it is. If a computer generated a password that a human can’t guess, then […]
Read More ›

User Account Controls and False Security

It’s true that our friends at Microsoft have come a long way toward implementing good security. No, really.  Adobe and Oracle/Java have become the big targets of cyberthieves.  MS operating systems no longer regularly cause the Blue Screen of Death. And, ta-da, we have User Activation Controls to protect us. UAC, as it is called, […]
Read More ›

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.