Entries Categorized as 'Industry'
Data portability security breach
June 3, 2008
I ranted a little about data portability when I finally signed up for Facebook and did my "things change". Little did I know that only a few days later, my concerns about security on social network sites were to be proven via this data sharing feature.
Byron Ng seems to have a bit of a [...]
WhiteHatSec Innovation
March 18, 2008
Congrats to Jeremiah and WhiteHat for integrating their scanner into a WAF. It’s something I have been talking about (quietly though) for a while, in that it would really be a killer partnership. I don’t believe that a WAF is the answer to webappsec, but I also don’t think it provides “nothing” either. It’s a difficult [...]
Interesting (disturbing?) news
March 14, 2008
Haven’t been posting a lot recently, mostly because I’ve been heads-down in work that I can’t really post about, and there’s not been a lot of news that has caught my interest. I hope to have a good announcement of some things I’ve been up to in the next few weeks, but in the meantime, [...]
Web Attack Trends 2007
February 25, 2008
Also crossing my RSS feed today is the Web Hacking Incidents Database Annual report for 2007 [warning: PDF link behind free registration - I'm sure if you don't want to register, you know what to do]
The ModSecurity blog summarized it nicely, but there are some areas of it that I find a [...]
More sign-ups for OpenID
January 20, 2008
Hot off the back of Yahoo! implementing OpenID, Google goes and does the same. OpenID is an identity/authentication system, much the same as Windows Live ID is.
As many commenters have said, this is a good thing for the project, and for security in general. Although generally it’s considered "bad" to have a single accounts/sign-in [...]


