malicious code

Can I use a CISSP book to study for SSCP?

by Dave Farquhar
November 27, 2016August 1, 2017

Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.

Reports of the Droidpocalypse have been greatly exaggerated

by Dave Farquhar
July 19, 2013July 18, 2013

I was listening to the excellent Risky Business analysis of the Droidpocalypse this week, and I’m happy to report that the vulnerability that affects 90% of Android devices ever made, while serious, is vastly overstated. Read More »Reports of the Droidpocalypse have been greatly exaggerated

Questions from the logs

by Dave Farquhar
January 6, 2013November 27, 2016

If one person uses a password, another will. That’s a popular hacking theory. If that’s true, then chances are if one person asks a question, another will. So here are three short questions (one completely unrelated to the others) I found in my logs over the weekend, and their answers.

Windows 8 promises better security–to a point

by Dave Farquhar
August 12, 2012

At the summer hacker conferences, researchers have been talking up Windows 8 and its improved security. They talk a good game, but here’s the end run around it.

End of the innocence for Mac security

by Dave Farquhar
March 30, 2012

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes. It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that.Read More »End of the innocence for Mac security