Cryptosmith

‘Way, ‘way back in the 1960s, computer designers tried out different techniques to limit how a computer executed its programs. Some should be pretty well known, like storage protection and the distinction between “kernel mode” for the operating system and “user mode” for applications. Another was data execution prevention (aka “DEP”), where the computer distinguishes between RAM that stores instructions and RAM that stores data. If the program tries to jump into instructions stored in data RAM, the CPU aborts the program.

Fast forward to 2010. Most microprocessors were supporting DEP in the mid 1990s; a few supported it before that. OS support came more slowly. Windows as been using one form or another of this since 2004 in XP Service Pack 2. However, it doesn’t matter for most major applications, because they didn’t fix their code to take advantage of it. So, if they suffer a buffer overflow, there’s nothing to prevent the computer from trundling off to la-la land.

Continue Reading »

Posted under History of Technology & Security | No Comments »

Here’s a recent posting on password problems that suggests 10 hard-to-follow rules.

The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.

Here’s the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you’re going to slack off, do it when registering to post a one-off blog comment.

Let me take a stab at my own list of recommendations.

Continue Reading »

Posted under Security | No Comments »

The easiest way to share files on a desktop computer is for everyone to use the same login, and leave all the files on the desktop or in the “Documents” folder.

On the other hand, a desktop can be a personal thing. If I put a file somewhere, I like to know it’ll still be in that spot when I get back. Computers are tricky enough. We don’t have to add the work of other unpredictable humans to make them hard to use.

Once a household starts using multiple logins, you run into a completely different problem: how do you share things? I took all those pictures and my daughter wants to see them. We took turns typing in Xmas presents as we opened them, now where do we put the list so everyone knows what Thank You notes to write?

Continue Reading »

Posted under Household Tech & Security | No Comments »

I just bought a Dell laptop. I generally buy from vendors I know, and St. Thomas has been buying Dell systems for the past several years. I might have bought an Apple, but their lowest base price was $1,000. I knew I could do a little better. In any case, I wanted to run both Windows and Linux. Running OS-X would have been a plus (I’m addicted to Aperture) but not worth the extra dollars.

The hardware seems solid – an XPS 1330 – and it’s comfortably compact. It has thumbprint authentication that seems tolerably robust. The major size limiters, the RAM and hard drive, are easy to replace. So is the 802.11g network card. It came with “Windows Home Premium.” I’m astonished at the amount of Dell-branded software you have to trim back. And I’m appalled that the default search engine, “Live.com,” directs you away from OpenOffice.org when you go looking for it.

Continue Reading »

Posted under Household Tech & Security | No Comments »