Security woes at work

I got flagged for having failed an automated security scan at work. I explained that the scanner program was wrong, and that I was running anti-virus software. The next month I got flagged again, explained again. This time they said the problem was that I wasn’t running the exact version on the internal download site. I said yes, of course I wasn’t. The version on the download site was over three years old, and caused Windows 2000 instability resulting in BSODs.


Well, what a freakin’ disappointment that was. I joked a while back that since Apple couldn’t shift enough of the current iMac because of the pricey screens, they would probably introduce a new Cinema Display iMac, priced hundreds of dollars higher. Unfortunately, they did, and it looks kinda ungainly. And that’s it for new hardware, except for a 20GB iPod. Sure, some of the features in the next OS X release look cool, but we already knew about those.

Don’t trust Microsoft—no, really

Well, the inevitable has happened: some hackers have managed to get hold of a valid Microsoft security certificate. This will let them sign their virus or trojan horse programs, and Windows will believe that the code was written by Microsoft and run it without warning. The signed malicious code could be sent by e-mail or embedded in any web page as an ActiveX control. The article suggests that users just need to check the signature date and refuse to run the ActiveX control if it’s the wrong date—but that’s not true.