
Jesper's Blog

Obligatory file photo:

Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10. I am also a Microsoft MVP in Windows Security.
My most recent book is the Windows Server 2008 Security Resource Kit. Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.


What do you think, should I do it?
November 16

I get a fair bit of blog spam - comments advertising everything from sexual enhancers to fake anti-malware. This one just came in this morning:

Sweet! I can turn off all the blog spam just by e-mailing the criminals? Or, could it possibly be that this is a clever ruse to find out what my e-mail address is so they can send their junk there too? Hmm. I think I'll just forward this to abuse@gmail.com.

Fun Experiences at Airport Security
November 15

For a while I've been thinking about writing something about interesting times I've had at various airport security checkpoints; security theater, as they have come to be known. There are the obvious shoe removal arguments and the ill-defined rules on electronics (my camera is larger and has more electronics than most laptops, but that can stay in the bag, laptops can't), but there have been more interesting stories. Got any of your own? Share them!

Around November 2001 a colleague of mine and I flew to New York on business. On the way back we went through Kennedy airport. I was wearing a pair of boots, which the TSA (was it even TSA then?) required me to remove, even though shoes were not normally removed at the time as airport security hadn't yet figured out that you could bomb a plane with them. The lady scanned them for explosives and then handed them back saying "these are OK." I was so relieved because I had explicitly asked for the non-exploding boots when I bought them.

Not TSA related, but still: the same year I was traveling through Boston with my competition shotgun. It was broken down into three pieces and stuffed into a very solid, and quite short, aluminum case. When I went to check in I told the check-in agent that it needed special screening. She asked me to open it and then asked what it was. I responded that it was a shotgun. She took two steps back from the counter, threw her hands up in the air, and exclaimed "Is it unloaded?" I felt like a

XP Antivirus in the News
November 7

Several helpful people just pointed me to some articles on XP Antivirus and its various variants. In case you do not remember, XP Antivirus was the subject of an article I wrote for The Register a few months back.

It turns out that the scammers got hacked, and the hacker posted some internal accounting details on the web. As suspected, this is a sophisticated business making millions of dollars. It even appears to have an affiliate program.

In case you have not seen the articles yet, here are a few:

http://www.iht.com/articles/2008/10/30/technology/virus.php
http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html
http://www.scmagazineuk.com/Hacker-reveals-Russian-software-company-behind-anti-virus-scam/article/120152/

Thanks to Marc Michault, Phillippe Jan, and Jason Grubè for all pointing me to articles on this topic.



Is MS08-067 Wormable?
November 4

A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067. Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have not already installed this security update, you should stop reading this right now and return after you have installed the update.

The problem fixed in MS08-067 is eerily reminiscent of the vulnerabilities that resulted in the Blaster and Sasser worms. Therefore, for obvious reasons, the question arises whether MS08-067 is wormable or not. Microsoft claimed in various outlets that it was wormable "on older systems." Michael Howard backs that up with some interesting analysis on the SDL blog. The Secure Windows Initiative (SWI) blog also discusses the issue and points to a number of mitigations designed to reduce the "wormability" on newer operating systems. By "older systems" Microsoft really means "not Vista and Server 2008." This leads to the question of why the vulnerability cannot be used to create a worm on Windows Vista and Server 2008, and whether the claim is correct or not.

The claim that MS08-067 cannot be used to create a wo

Need a spare Windows box?
October 24

Have you ever found yourself in urgent need of another Windows box? Or, have you wanted to build a web application on Windows, but without having to buy servers? Or maybe you just want to have a network of Windows machines that you can test your new Server Isolation strategy on? You're in luck! Amazon yesterday launched its new Windows on EC2 service. Inside of five minutes you can be ready to log on to your very own Windows on EC2 instance and get started on all those projects!

EC2 is Amazon's Elastic Compute Cloud, a network of virtual servers where you pay only for what you use. Use it for two hours and you get charged for two hours. Use it for a month and you get charged only for a month. It's an eat-all-you-want server where you pay only for what you eat. You can even get it with SQL Server pre-installed.

As if having the ability to build your very own virtual network of Windows computers at minimal cost were not enough, there is even a security whitepaper on how to do it safely. Maybe you will even find some comfort in the familiar name involved in the project?

 
