Microsoft TechNet has released their March 2007 issue, which includes part two of Inside the Windows Vista Kernel. This article covers dynamic memory management, ReadyBoost and related features, and the new Credential Provider architecture (replacement for GINA). It’s a good overview, but I wish there was more detail available. This is at least a start [...]
This article on Dark Reading presents several security risks created by virtualization - at least according to a few experts. I think they are neglecting to mention enough of the security benefits that virtualization technologies (such as VMware and Xen) can provide. In my mind, the advantages of virtual machines outweigh the few added risk [...]
NIST just released three great guides relating to network security. SP 800-45 is entitled Guidelines on Electronic Mail Security [pdf], and addresses topics such as securing a mail server, content filtering, various email standards, and of course email encryption and signing.
Also new, SP 800-84 is called Guide to Intrusion Detection and Prevention Systems [pdf]. It [...]
I thought this list of common blunders made during an investigation was very practical, and it’s always interesting to hear war stories of prior screw ups. A lot of them are common sense and simple, such as keep good notes, and maintain the chain of custody. Some other tips were more insightful, such as keeping an [...]
OpenID is a specification for doing decentralized authentication of users on the Internet. It allows you to send your credentials to multiple OpenID-enabled sites, while using only one password to authenticate to your OpenID provider - which can be your very own server. It’s a neat idea to move closer towards a single sign-on implementation [...]
