Latest Posts

Can IT find something better to do than play 'gotcha?'

Along the theme of a previous blog "Are users really to blame for poor security", the "geniuses" in IT are at it again. They're spending valuable business resources to craft a fake e-mail virus to "test" which users are going to be fooled into double clicking it.

January 24, 2005 by George Ou

14 Comments

You use my hotspot, I'll use your credit card

A recent story on "Evil twin" Wi-Fi networks that spoof legitimate hotspots or corporate networks makes it clear that all public hotspots should immediately implement 802.1x and PEAP authentication.

January 22, 2005 by George Ou

5 Comments 1 Vote

VoIP and open source, the next great frontier

As the commoditization and open sourcing of operating systems and applications continue to disrupt the software companies, telephony vendors have so far enjoyed a relative calm in the closed and proprietary phone systems market with substantial profit margins. That could now all be turned on its head with the proliferation of open source VoIP and PBX software.

January 9, 2005 by George Ou

7 Comments

Firefox has much to learn

It is widely asserted as "fact" that Firefox is more secure, but does that assertion really hold up under intense scrutiny? Peter Torr of Microsoft doesn't seem to think so.

December 22, 2004 by George Ou

5 Comments

PPTP VPN authentication protocol proven very susceptible to attack

Later today, Joshua Wright will release an upgraded version of his ultra-high speed password cracking tool called ASLEAP . For those of you already familiar with ASLEAP, you might be wondering what this has to do with Microsoft's PPTP VPN protocol since ASLEAP is a LEAP authentication dictionary attack tool.

December 17, 2004 by George Ou

13 Comments 1 Vote