Skeptically Speaking! is a radio show broadcast from CJSR Edmonton, Canada. It’s on every Friday at 8pm ET. You can listen to them online, or via iTunes, as well! Click here for links, or search for CJSR on iTunes. Tonight, I was invited to speak on cyber security! It was a lot of fun, and [...]

[Read more →]

[reprinted from Keith on pluralsight.com]

A null session is how Windows represents an anonymous user. To understand how it is used, imagine the sort of code you have to write in a server to deal with authenticated clients. After authenticating a client using Kerberos, say, your server receives a token for that client that contains group SIDs, and you can use that token to perform access checks against ACL’d resources. For instance, given the client’s token it’s quite easy to check whether that client should be granted write access to a file. We can simply impersonate the client and try to open the file for writing. The operating system will compare the DACL on the file with the client’s token (that we’re impersonating) to make this determination. The administrator can control access to files by editing their ACLs. But what if you also service anonymous requests—that is, those for which you won’t get any token for the client at all? It’s impossible to impersonate a client for whom you don’t have a token.

[Read more →]

I was coerced into taking a trip to Springfield, Missouri this week. It turned out to be a good time, and while I did work, it was nice weather and it was nice to get out of the office! It certainly did break the routine, which was good. I packed and drove to the office [...]

[Read more →]

Every few weeks, I’ll get email from my mother. I’m impressed she knows about email, and is a capable user of the Internet. I shouldn’t be surprised, it runs in the family. My father, on the other hand, is coming along much more slowly into the Internet age, but that’s another story. This morning, I [...]

[Read more →]

I admit it, I’ve been a delinquent delinquent. I haven’t really dropped off the face of the earth, I’m still here. I’ve been swamped with developing online security courses, preparing to speak at a conference, creating a new website, working and preparing for an open house. It’s kept me busy, and I didn’t even get [...]

[Read more →]

Make sure to marke March 13th (next week!) for the Springfield FBI Infragard Conference, if you haven’t already! Haven’t heard of this conference? Well, the speakers are world-class, but with a small budget there isn’t a lot being spent on advertising. If you are located in Illinois and can make it to the 8:30 AM [...]

[Read more →]

A photo I took of a Mumbai Police sign was selected to accompany an article on how Mumbai (India) Police are looking for wi-fi networks, so they can somehow secure them. As if checking a “WPA Security Enabled” switch will do much to prevent terrorism. The author points out that it is easy to pay [...]

[Read more →]

If it isn’t too late, you might ask Santa for a special “safe” place to keep your valuables in 2009. Let’s just say, someplace safer than the stock market, or your mattress. Someplace that criminals wouldn’t think to look when they break into your house. The other option is to make your own secret security [...]

[Read more →]

Ho! Ho! Ho! Fool! It’s been a banner month at the ol’ Bill Gates household. Santa has snuck down the virtual chimney, and put all kinds of unwanted presents under our Christmas tree of security! Despite the downturn in the economy, this is the BEST Christmas in five years! Microsoft offers up patches for 28 [...]

[Read more →]

My back is bothering me today, so I stayed home to work this morning and I thought I’d take a break and update you on what I’ve been up to lately. Let me start off assuring you that my back is ok. It is just strange that in the past day, whenever I sneeze, my [...]

[Read more →]