Entries Categorized as 'Industry'
Catching up…
August 16, 2008
What with the IR gig I’ve been on, work just being out of control at the moment, as well as the usual flurry of posts after BlackHat/DefCon, I haven’t been able to keep up with my reading, let alone posting. There’s been a lot of interesting things going on which have received plenty of coverage that [...]
Software Security $$$ Numbers
August 12, 2008
On my trip out to DC a few weeks back I stopped over to see Gary McGraw for a bit. One of the things he showed me was some numbers on security companies’ revenue and growth. I can’t say I was sworn to secrecy on this, but he did say he was going to write [...]
"Clear" Air-Travel Pass Data Stolen From SFO
August 5, 2008
Ok, maybe signing up for the Clear pass (from my previous post) isn’t such a good idea.
http://yro.slashdot.org/article.pl?no_d2=1&sid=08/08/05/1539231
It’s still unbelievable to me that so many places that store “sensitive” data, especially on “mobile” media like laptops, CDs, etc., don’t encrypt it. Seems like a sensible precaution and a no-brainer.
Computer security work illegal in Texas without PI licence?
July 4, 2008
There’s been some talk about this, and no-one really knows what it means for the security industry just yet (at least not anything I’ve seen thus far), but the just-passed Texas House Bill 2833 has the following paragraph:
(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and [...]
Another feed on my RSS
June 17, 2008
Ages back I met Rich Mogull at BlackHat/DefCon and we got on really well. Turns out we have some strange shared background, as he worked backstage on some of the same tours stateside that I did in Europe.
Anyway, Rich is blogging at http://securosis.com/
As an ex-Gartner security analyst he has great insight into the [...]
Quick times for web app security
June 7, 2008
Through my RSS reader I discovered the above-named article the other day, so took a quick look. In some ways I wish I hadn’t, and I hope that not many other people did either.
The first few tips are pure “security by obscurity”, and you should never “sanitize” user inputs - either they pass validation [...]
Data portability security breach
June 3, 2008
I ranted a little about data portability when I finally signed up for Facebook and did my "things change". Little did I know that only a few days later, my concerns about security on social network sites were to be proven via this data sharing feature.
Byron Ng seems to have a bit of a [...]
WhiteHatSec Innovation
March 18, 2008
Congrats to Jeremiah and WhiteHat for integrating their scanner into a WAF. It’s something I have been talking about (quietly though) for a while, as it would really be a killer partnership. I don’t believe that a WAF is the answer to webappsec, but I also don’t think it provides “nothing” either. It’s a difficult [...]
Interesting (disturbing?) news
March 14, 2008
Haven’t been posting a lot recently, mostly because I’ve been heads-down in work that I can’t really post about, and there’s not been a lot of news that has caught my interest. I hope to have a good announcement of some things I’ve been up to in the next few weeks, but in the meantime, [...]
Web Attack Trends 2007
February 25, 2008
Also crossing my RSS feed today is the Web Hacking Incidents Database Annual Report for 2007 [warning: PDF link behind free registration - I’m sure if you don’t want to register, you know what to do ;)]
The ModSecurity blog summarized it nicely, but there are some areas of it that I find a bit [...]