Archive for 'Best practices' Category
DNS security talk
I spoke on DNS security at the March 16 meeting of the Ottawa Area Security Klatch (OASK). This was updated version of my famous “Seven Deadliest Sins” talk, intended for a technical audience. The slides with speakers notes are here: DNS Security: The Seven Deadliest Sins OASK is a new security group in Ottawa. It’s [...]
Read the rest of this entry...The most effective malware prevention
Three years ago I wrote The most important Windows security tool, detailing why changing user accounts on Windows from being Local Administrator to a “standard user” (no local admin rights) is the single most effective thing you can do to prevent malicious software. Over at InfoWorld, Roger Grimes has written The one essential truth of [...]
Read the rest of this entry...DNS security: The seven deadliest sins
Soon it will be the one year anniversary of the release of Dan Kaminsky’s fun little DNS security flaw. In honor (?) of that that, I gave a quick presentation last week to the Ottawa CitySec group on Domain Name System security. Since the Kaminsky issue has been pretty well covered, I focused on all [...]
Read the rest of this entry...Securing DNS with a validating resolver
Few ISPs and web hosting providers pay attention to their DNS servers. Most use the same servers both to serve the domains they host and to perform name resolution (translating DNS names to IP addresses and vice versa). Many also allow recursive queries from anyone on the Internet, making DNS spoofing much easier. We’ve had [...]
Read the rest of this entry...The state of code signing in Open Source
Time for an update. A while ago I looked at which leading open source projects sign their releases with strong cryptographic signatures using GPG or PGP. I revisted each project to see if anything had changed, and also surveyed a few more popular ones:
Read the rest of this entry...