Entries tagged with “security” from O'Reilly Digital Media Blog

I took a quick look at the free ClamXav anti-virus software for OS X last month. However, I didn't have any malware to test with it. Well, I found my archive of captive test malware and tried it out with ClamXav.

The consensus seems to be that Mac OS X does not need anti-virus software. However, I thought about anti-virus in terms of Windows running as a Guest OS as well as people running Windows XP/Vista with whom I exchange documents. So, I took a look at the free ClamXav (based on the Open Source ClamAV proejct) as an anti-virus tool.

VMware Fusion 2.0 RC1 includes free McAfee VirusScan Plus 1-yr subscription for Microsoft Windows Guest OSes on your Mac. But, IMHO, it is a pretty "heavy" product and you might still want to look around.

One of the few "dangerous emails" that made it past my rather aggressive SpamAssassin setup recently was a phishing attempt, claiming to have been sent by Google's AdWords service. When I took a closer look at this email, I noticed a header field that I hadn't come across before, and which adds another useful little helper in the fight against spam-n-scam emails.

At the "PWN 2 OWN" contest during last month's CanSecWest, which claims to be the "world's most advanced conference focusing on applied digital security," a MacBook Air was the first of three laptops to be "pwned," i.e., to be broken into. The other machines were running Windows Vista and Ubuntu Linux, and only the latter managed to withstand all attacks until the contest's end. Is it time for Mac users to finally start panicing about malware on OS X?

My response to David Battino's post on dealing with USB dongles: Yeah! I suggest they stop using dongles! Seriously, I don't understand the recent resurgence of copy-protection dongles. While the nominal reason is to prevent copies, I feel that what dongles do is prevent many potential users from evaluating and purchasing the program. Let's face it: Not everyone can afford...

Yet another phishing email arrives, and it's bugging me more and more just to hit delete or the Spam button. I'd like a toolbar item (or a Favorite to add to my browser toolbar) that does something a little more useful with them--any suggestions?

This movie is very illustrative of where our database culture is going. I actually have a very high personal tolerance of privacy invasion, especially on an opt-in basis.

What will be funny is when we watch it and say, "I dont' get it." in about 5 years.

Of course if you can't beat 'em, join 'em. I've got the VC's lined up - who wants to join me in a startup to developing the application shown here?

Anton Chuvakin just linked to this “nerd version of an Agatha Christie novel” in his security blog, but this detective tale about Sony's dangerously sloppy CD-protection software has profound implications for music.

Part 3 of a series on how IP Relay, a system designed to help deaf and speech-impaired people make phone calls via the Internet, is being exploited by scammers & pranksters, who use it to conceal their identities.

A significant number of Amazon customers severely downgraded this hit album solely because of its sneaky copy-protection. Is it a trend?

Part 2 of a series on how IP Relay, a system designed to help deaf and speech-impaired people make phone calls via the Internet, is being exploited by scammers & pranksters, who use it to conceal their identities.

A system designed to help deaf and speech-impaired people make phone calls via the Internet is being exploited by scammers & pranksters, who use it to conceal their identities. Part 1 of a series.

I just received a press release from Robin Gross of IPJustice that Jon Johansen is being retried in Norway.

From the abstract: "For such networks where loads can redistribute among the nodes, intentional attacks can lead to a cascade of overload failures, which can in turn cause the entire or a substantial part of the network to collapse."

In the Norway's prosection of DeCSS developer Jon Johansen, the court found him innocent on all counts.

A lawyer writing on behalf of Rep. Howard ("P2P Anti Piracy Bill") Berman (D-Calif.) wrote in to the Politech list with some "clarifications" of the bill.

Here is another Perl success story from Jay Lawrence, writing in to the mod_perl mailing list. EDDS is a customized document management system.

This guy sounds off on the flawed security of commercial p2p trojan horse business strategies. However, he doesn't recommend any alternatives. I think the industry has to solve the mobile code trust issue eventually, not just say "it's a really hard problem.".

At least one lawmaker has decided to not turn a blind eye to the Audio Home Recording Act, throwing a big wrench in the music industries plan for all CD's to be copy-protected.