“A nearly impenetrable thicket of geekitude…”

December 2004

Netcraft Anti-Phishing Toolbar

Netcraft have released an anti-phishing toolbar. This sounded like a great idea right up to the point where I realised I couldn't use it because I don't use Internet Explorer.

That's right, this is at present something for those people who are (a) security conscious enough to read Netcraft's newsletters but (b) not security conscious enough to have heeded the warnings to stop using Internet Explorer.

Apparently, a Firefox version of the toolbar will be made available. Until then, this idea looks just a little cynical and pointless. They are really pleased with their TV coverage, though.


Movable Type 3.14

Like many other people, I have recently had the burden of discarding unwanted blog comment spam loading down my server, even though very little of it gets through to the site now thanks to MT-Blacklist. I have therefore upgraded to Movable Type 3.14, which reduces this problem by not regenerating parts of the site when it isn’t needed.


Schneier on Safe Personal Computing

Bruce Schneier is a well-respected professional paranoid (“internationally renowned security technologist” is the way his web site puts it). He recently updated his list of tips for safe personal computing after a gap of a few years. Both old and new lists are full of sensible things you can do to make yourself more secure: if you do these things, you will be more safe. If you don’t do these things, you should at least have a rationale ready.

This year’s list is about 50% longer than the May 2001 version; I guess that doesn’t surprise me, as the environment has taken several steps in the direction of “more evil” since then. For example, phishing for bank account information was relatively unknown “way back then”. In the last year or so, this particular attack has grown by a factor of twelve (or more, depending on who you listen to) to the point where there are so many of these things in my inbox that it is sometimes hard to believe that anyone is taken in any more.

Having said which, the really interesting thing about the new list is that it is mainly the same as the old list. There are a couple of new things (buy a cheap NAT firewall box for home, don’t ever use Internet Explorer) but most of the changes seem to be rewording, clarifications and more detail.

I would personally be very interested to see Bruce’s own take on what he thinks has changed over the period. I’d also like to see him renew this list regularly. The only thing I worry about is that if the environment continues to get more hostile and nothing else improves, we are likely to need a list with just one entry: Trust No One.