Hot off the heals of the XSS silliness between the Obama and Clinton camps, the my.barackobama.com site is looking for a network security expert to wants to…
…play a key role in a historic political campaign and help elect Barack Obama as the next President of the United States.
Ok, no mention of security in that opening [...]

Posted in Misc, Security No Comments »

Just finished watching Recount on HBO.  Excellent, excellent film, and I highly recommend it.  I followed a lot of what was going on in Florida in 2000, and even more so in 2004 while living there.  Even got offered the chance of examining an electronic voting machine in 2005 for security issues, but that’s another [...]

Posted in Misc No Comments »

Now this is what I call a disaster recovery team!  (follow the comments for some interesting side discussions as well).
One of the things us security guys do is think about the worst thing that could possibly happen.  It’s nice playing Dr. Evil with these “what if” scenarios with clients to see how prepared they are [...]

Posted in Misc, Security No Comments »

I said I would never do it.  I promised that I wouldn’t be part of the “hype”.  I went for ages not signing up, but I’ve finally bitten the bullet and joined Facebook.
Ok first up, the reason for joining.  Tara’s been on the site for some time, and is able to keep in touch with [...]

Posted in Misc 2 Comments »

As I said in my previous post, I would have loved to have gone to the RSA conf this year (plenty of people to catch up with, even if I only could get into the expo hall), but I’ve been away on travel.  In any case, Jon Pincus, all round smart guy, brainiac, and I’ve [...]

Posted in Misc, Security 2 Comments »

It always seems to happen – whenever things get busy great posts come out of the woodwork.  If I’m traveling on my own, I often just head back to the hotel and work, but as the wife is along on this one (poor thing – sometimes the only vacation she gets is an “add-on” after [...]

Posted in Misc, Security, Trip Report 1 Comment »

Small post, because Bruce, as ever, has said it all.
The "tricks/hacks/techniques" of testing any system can always be learnt, but you just have to have that security mindset to start off with.  Having that way of thinking means all the rest is downhill work, and anyone with a good "security mind" given any exploit idea [...]

Posted in Misc, Security No Comments »

Coding Horror has a post up that is really close to my heart – debugging.  Years and years ago, my PhD topic was specifically to do with this topic and for a few years I studied programmer psychology (why programmers create bugs in the first place – what it is in their "mental model" that [...]

Posted in Misc 2 Comments »

JD Meier is far too organized for my liking   I really enjoy reading his posts, and worked with him in the past on something a while back, but (and I’ve written about it before) he makes me feel inadequate sometimes   I really have a lot to learn from him in how [...]

Posted in Misc 1 Comment »

Turns out that I’m just not famous enough (or photogenic enough, or chicken-little enough) for Fox 11 news
Last week, McAfee (the parent company of Foundstone) PR was contacted by a producer of Fox 11 news (local Fox channel in the Los Angeles area) asking for an “expert in web security” that would do [...]

Posted in Misc, Security 1 Comment »