Hardware and Software

Wave Hello

Google Wave! It's been eagerly anticipated by many, and finally the beta is open to the lucky few who managed to bribe, beg or steal an invite. With thanks to a very good friend who has immediately rocketed their way up my Christmas list, I logged into my Wave account for the first time this week. I'm fairly impressed, with one caveat.

I'm not going to recap all the various clever bits of functionality Wave provides. Many other sites have done this to death, and there's that incredibly long Google IO video that shows you everything you could possibly want to know. What I will do is offer a couple of words of advice and caution. I have to do that, otherwise you'd realise I'm just posting screenshots of Wave to make you jealous.... (Read More)

Genuine Disadvantage

I've never been a big fan of Vista. Back in those heady days before service pack 1 I gave it a whirl and found it slow, bloated, and zero improvement on Windows XP. To this day I quite happily run Windows 2000 (honestly, I know, but it's stable and fast), Windows XP and Windows Server 2003 on my various personal and business machines. Add to that a couple of SuSE Linux boxes and one Ubuntu laptop and I've got everything I need, as well as a hefty electricity bill.

A while ago, though, I bought some new computers for a security test lab. Normally I just buy components and build computers myself but in this case I needed four machines quickly, so buying pre-built made sense. I ordered three without an operating system but checked the little box to have Vista Business pre-installed on the fourth. I needed to do some "real work" on these machines, so three years too late I thought I'd take the opportunity to give Vista a proper evaluation. After all, it's easy and fashionable to bash Microsoft without giving their products a proper chance.

Unfortunately I had no idea of the disaster in store. Not because Vista is a bad operating system - far from it - but because of another nightmare awaiting me. This wasn't a driver issue, or a software compatibility problem. It wasn't even a bug, flaw or vulnerability. It was something far more insidious, and it's an issue that's becoming increasingly severe across the entire technology spectrum.... (Read More)

Standard Bearer

Standards are a wonderful thing. They keep everything.... well.... standard. And as we security specialists flit from job to glamorous job, living the rock and roll consultant lifestyle, we can take comfort from knowing that any half decent IT department will stick to using industry standards to solve problems and build IT infrastructures. Corporate IT is a complex beast and, by laying down a generally accepted way of robustly designing systems, standards make it more manageable and secure. Pity the poor techie who has to create every single solution from scratch every time, for he maketh the IT security consultant rich.

Last week an odd thing happened. I decided I hated standards.... (Read More)

Virtually insecure

Virtualisation is a fascinating subject. Simply by installing a piece of software like VMware or Virtual PC you can instantly host multiple virtual computers on your one, single physical computer. To the vast majority of software and operating systems a virtual PC is indistinguishable from a physical one. But because the entire virtual PC is stored in files on disk it makes backing up, rolling back and swapping between installations as simple as clicking the mouse. This makes virtualisation perfect for home users who want to try a new OS or application without risking damage to their physical PC's configuration, or for businesses who want to build large test environments without tying up lots of servers.

But virtualisation isn't just for demo labs, training courses and home users. It's being used as a core component of large, critical, commercial and government IT infrastructures, and when a solution is used in a live environment security becomes of paramount concern. VMware realise this and, at VMworld 2008, ran a security track within their "breakout" (presentations, to you and me) sessions. I was an avid follower of this track because I have one fundamental concern about virtualisation: it causes security risk to grow silently and exponentially.... (Read More)

Robustly flawed

As far as security services go, it's often quite hard to find real gems on the Internet. There are certainly lots of software and services available out there, but many of them cost money and don't deliver the goods. Some are even simple fronts for spyware and spam mongers, leaving you with a false sense of security whilst delivering you right into the attacker's hands. Fortunately those malicious trojan horses are few and far between. Where they do exist they're quite well documented and most decent anti-spyware or anti-virus software can catch them for you.

This leaves us with the fundamental question: how do you know if a service you're using is doing its job?... (Read More)