Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process. In three parts.
Anonymous No More
In the age of personal information versus aggregated information collected from search engines and other Internet services, one's privacy can no longer be assured. Mark Rasch looks at a recent Amazon patent application that shows how the laws need to be tightened because the lines of privacy are becoming blurred.
LinuxWorld, Virtually Speaking
With all the free virtual machines out there running security software or acting as virtual security appliances, you'd think VMware is on everyone's mind. Scott Granneman offers some thoughts at the close of this year's LinuxWorld.
E-Mail Privacy in the Workplace
A Month of Browser Bugs
Scott Granneman looks at the virtues and pitfalls of browser fuzzing and the overwhelmingly positive impact it has on the security community.
Application-level Virtualization for Windows
Federico Biancuzzi interviews Eyal Dotan, who has developed application-level virtualization software that protects Windows hosts from malware. They discuss the architecture, advantages of this design, performance, and how this method could be applied to servers running Windows or be ported to other OSes.
Windows Genuine Disadvantage
A recent lawsuit filed against Microsoft should have all companies reexamining their privacy policies to determine what information they are actually collecting about customers, and what they can possibly do with it.
MySpace, a place without MyParents
Scott Granneman looks at the mass hysteria surrounding MySpace social security issues, examines a collection of frightening reports, and then discusses the real issue of parenting and parental supervision behind keeping our children safe.
Phishing with Rachna Dhamija
Federico Biancuzzi interviews Rachna Dhamija, co-author of the paper "Why Phishing Works" and creator of Dynamic Security Skins. They discuss the human factor, how easy it is to recreate a credible browser window made with images, some new anti-phishing features included in the upcoming version of some popular browsers, and the power of letting a user personalize his interface.
Retain or restrain access logs?
A recent proposal by the U.S. Department of Justice that would require Internet Service Providers to retain certain records represents a dangerous trend of turning private companies into proxies for law enforcement or intelligence agencies against the interests of their clients or customers.