tag:broadcast.oreilly.com,2008-08-07://53 2009-02-16T15:00:00Z Movable Type Pro 4.21-en tag:broadcast.oreilly.com,2009://53.35329 2009-02-16T15:00:00Z 2009-02-16T15:00:00Z

On Valentine's Day, I found myself 500 miles away from my two daughters (10 and 7). I'd already decided to get them a gift certificate from Amazon, with an e-greeting. Amazon has so much stuff, both kids could easily get...

John Viega http://www.stonewallsoftware.com/ On Valentine's Day, I found myself 500 miles away from my two daughters (10 and 7). I'd already decided to get them a gift certificate from Amazon, with an e-greeting. Amazon has so much stuff, both kids could easily get... tag:broadcast.oreilly.com,2009://53.35095 2009-01-23T15:50:31Z 2009-01-23T15:50:31Z

I was pretty amused recently when two people I respect went at each other over vulnerability disclosure, quickly devolving into name-calling. It's always fun to watch a flame war (nobody got compared to Hitler, but one person did get compared...

John Viega http://www.stonewallsoftware.com/ I was pretty amused recently when two people I respect went at each other over vulnerability disclosure, quickly devolving into name-calling. It's always fun to watch a flame war (nobody got compared to Hitler, but one person did get compared... tag:broadcast.oreilly.com,2009://53.34949 2009-01-12T19:00:00Z 2009-01-12T19:00:00Z

Bruce Schneier has earned his reputation as IT Security's top pundit -- but I'd like to make a plea for Schneierists to not accept every word he has written as utterly factual (even though he does totally rock).

John Viega http://www.stonewallsoftware.com/ Bruce Schneier has earned his reputation as IT Security's top pundit -- but I'd like to make a plea for Schneierists to not accept every word he has written as utterly factual (even though he does totally rock). tag:broadcast.oreilly.com,2009://53.34815 2009-01-01T15:08:32Z 2009-01-01T15:08:32Z

The Internet is still broken, but no more broken than normal. The risk level is acceptable for the average user, even though if a single user were being targeted, there's a good chance an attack would be successful. This is how it's always been. Let's go back to our lives.

John Viega http://www.stonewallsoftware.com/ The Internet is still broken, but no more broken than normal. The risk level is acceptable for the average user, even though if a single user were being targeted, there's a good chance an attack would be successful. This is how it's always been. Let's go back to our lives. tag:broadcast.oreilly.com,2008://53.34799 2008-12-30T16:26:08Z 2008-12-30T16:26:08Z

In my last post I talked about how anybody with enough money (a small 6-figure sum) could create a rogue certification authority (CA). This would allow them to generate certificates for any web site that seem to be genuine. That...

John Viega http://www.stonewallsoftware.com/ In my last post I talked about how anybody with enough money (a small 6-figure sum) could create a rogue certification authority (CA). This would allow them to generate certificates for any web site that seem to be genuine. That... tag:broadcast.oreilly.com,2008://53.34795 2008-12-30T09:25:18Z 2008-12-30T09:25:18Z

Any major changes to the way we establish trust are probably too big to actually happen. That leaves the Internet fundamentally broken.

John Viega http://www.stonewallsoftware.com/ Any major changes to the way we establish trust are probably too big to actually happen. That leaves the Internet fundamentally broken. tag:broadcast.oreilly.com,2008://53.34775 2008-12-26T19:47:56Z 2008-12-26T19:47:56Z

The biggest problem with host-based security has always been what happens when your protection fails. And yes, all traditional host-based protections will have the potential for failure, especially when you consider that it's generally easy to trick users into installing...

John Viega http://www.stonewallsoftware.com/ The biggest problem with host-based security has always been what happens when your protection fails. And yes, all traditional host-based protections will have the potential for failure, especially when you consider that it's generally easy to trick users into installing... tag:broadcast.oreilly.com,2008://53.34702 2008-12-18T08:38:05Z 2008-12-18T08:38:05Z

Traditionally when security experts talk about snake oil products, they are usually only brave enough to call out products from dubious companies that make claims that are obviously false... almost always around cryptography. Few people call out venture-backed companies with well-known people on the management team.

John Viega http://www.stonewallsoftware.com/ Traditionally when security experts talk about snake oil products, they are usually only brave enough to call out products from dubious companies that make claims that are obviously false... almost always around cryptography. Few people call out venture-backed companies with well-known people on the management team. tag:broadcast.oreilly.com,2008://53.34530 2008-12-04T17:44:58Z 2008-12-04T17:44:58Z

One of the most pervasive security technologies that doesn't work very well is the intrusion detection/prevention system. To get value out of an intrusion detection system, you need to be able to at least separate out some of the good alerts from the many irrelevant ones.

John Viega http://www.stonewallsoftware.com/ One of the most pervasive security technologies that doesn't work very well is the intrusion detection/prevention system. To get value out of an intrusion detection system, you need to be able to at least separate out some of the good alerts from the many irrelevant ones. tag:broadcast.oreilly.com,2008://53.34481 2008-12-01T12:05:48Z 2008-12-01T12:05:48Z

I've been operating almost exclusively on a Mac since OS X came out. I grew up in Unix, and never liked the lack of usability in Windows, so it was a good fit. However, I don't have any particular interest in making Apple look better than it really is, particularly when it comes to security.

John Viega http://www.stonewallsoftware.com/ I've been operating almost exclusively on a Mac since OS X came out. I grew up in Unix, and never liked the lack of usability in Windows, so it was a good fit. However, I don't have any particular interest in making Apple look better than it really is, particularly when it comes to security. tag:broadcast.oreilly.com,2008://53.34277 2008-11-24T16:19:14Z 2008-11-24T16:19:14Z

At 7:30 eastern this morning, one of my brothers called to tell me that he is, "being attacked by hackers." He was about to fall prey to a common scam. He did have some bad stuff on his computer (his existing anti-virus had indeed failed him), but it was trying to get him to pay to remove itself and a bunch of phantom viruses that didn't really exist.

John Viega http://www.stonewallsoftware.com/ At 7:30 eastern this morning, one of my brothers called to tell me that he is, "being attacked by hackers." He was about to fall prey to a common scam. He did have some bad stuff on his computer (his existing anti-virus had indeed failed him), but it was trying to get him to pay to remove itself and a bunch of phantom viruses that didn't really exist. tag:broadcast.oreilly.com,2008://53.34236 2008-11-20T18:24:26Z 2008-11-20T18:24:26Z

Earlier this week, Microsoft announced that they're going to stop selling their consumer security product OneCare, and instead they're going to give away for free an AV product based on the same technology. I've had several people ask me questions...

John Viega http://www.stonewallsoftware.com/ Earlier this week, Microsoft announced that they're going to stop selling their consumer security product OneCare, and instead they're going to give away for free an AV product based on the same technology. I've had several people ask me questions... tag:broadcast.oreilly.com,2008://53.34192 2008-11-19T18:27:11Z 2008-11-19T18:27:11Z

When you look at the average, non-technical user, they probably should be running AV, because it is pretty unobtrusive, it does catch some things (even if it's not many), and they don't have the same sense of what the real risks are as I do. But, many technical people are like me. We're only going to use security technology if it's easy to use and works pretty well, unless forced to do so by our bosses. That leaves many geeks more vulnerable than they expect. But I know plenty of people who didn't install AV even after an infection, because they thought the price was too high... they'd rather do a very occasional cleanup.

John Viega http://www.stonewallsoftware.com/ When you look at the average, non-technical user, they probably should be running AV, because it is pretty unobtrusive, it does catch some things (even if it's not many), and they don't have the same sense of what the real risks are as I do. But, many technical people are like me. We're only going to use security technology if it's easy to use and works pretty well, unless forced to do so by our bosses. That leaves many geeks more vulnerable than they expect. But I know plenty of people who didn't install AV even after an infection, because they thought the price was too high... they'd rather do a very occasional cleanup. tag:broadcast.oreilly.com,2008://53.34161 2008-11-17T14:15:29Z 2008-11-17T14:15:29Z

While I don't believe that there is a "silver bullet" for security, I do think that end users should be getting a lot more for their money, by getting a better experience (e.g., AV that doesn't slow down their computer) and better security (e.g., AV that is more than one step above "worthless").

John Viega http://www.stonewallsoftware.com/ While I don't believe that there is a "silver bullet" for security, I do think that end users should be getting a lot more for their money, by getting a better experience (e.g., AV that doesn't slow down their computer) and better security (e.g., AV that is more than one step above "worthless").