Entries Categorized as 'Musings'

Click-fraud problems

Date June 30, 2009

Looks as if Facebook are having a few issues with click-fraud.  No surprises really, every major online advertiser faces the same problems.  Just as spam followed the popularity of email, click-fraud is going to follow advertising budgets onto the web.
What I’ve found interesting in this case is who benefits from click fraud.  In the case [...]

No “type=password” fields?

Date June 25, 2009

Looks like Jakob Nielsen is at it again.  The man certainly knows his usability stuff, and although he’s often controversial, and seldom “wrong”, he does put out some “doozies” every once in a while.  His latest column on web usability calls for people to stop using password masking – effectively not using the “type=password” attribute [...]

The futility of black-box testing (in some instances)?

Date November 25, 2008

Consulting can be a lonely job at times – often we are either on a client site, or working at home (which, don’t get me wrong, has its own benefits) – so having a chat open between all the other people in Foundstone keeps one "connected".  Although the beer-signal-to-noise-noise ratio is sometimes low, it’s really [...]

Bug reports and methodologies

Date November 19, 2008

I’m not sure where this link resurfaced from – I saved it to read and got to it the other day – but this post from Joel on Software has two of the things I spend many a day looking at – bug reports and methodologies.
Bug reporting
Everyone knows how to report a bug right?  Repro [...]

Software [In]security: Web Applications and Software Security

Date November 17, 2008

Gary McGraw has posted another article in his InformIT column, this time specifically on web applications and software security.
It’s a great article, and Gary is spot on, but I had a couple of points I wanted to discuss, so I emailed them off.  Thankfully, Gary is a friend, and is really good at arguing any [...]

Vuln research credit / security tipping point

Date November 16, 2008

Two great posts from the Veracode blog I have to point out if you haven’t read them already.
The first one, Credit for Researchers, I think is very important.  From my academic days, referencing previous work was de rigueur and you just weren’t taken seriously if you published or spoke without noting the people that laid the [...]

Is the world about to end?

Date October 12, 2008

In the film War Games, Joshua/WOPR asks "would you like to play a game"?  David (Matthew Broderick) of course wants to play "Global Thermonuclear War" (and I’m sure you would too – chess or tic-tac-toe is just so boring – we want those cool graphics!).  Because of this choice the world (in the film [...]

Ch

Date October 12, 2008

After lots of speculation, Google has been working on a browser (for a number of years).  All very cool and slickly done, from the comic-book user-guide to the "look" of the browser to the long piece in Wired all coinciding with the release.
Usually, I like competition, especially in the technology marketplace – the more [...]

Catching up…

Date August 16, 2008

What with the IR gig I’ve been on, work just being out of control at the moment, as well as the usual flurry of posts after BlackHat/DefCon, I haven’t been able to keep up with my reading, let alone posting.  There have been a lot of interesting things going on which have received plenty of coverage that [...]

Chill, I’m Sending The Wolf

Date August 10, 2008

Every now and then I get sent out on incident response engagements.  On Wednesday the phone rang; a client had contacted us with a big ongoing incident and needed some help.  I was on the next plane out (red-eye – I hate those things!).
While onsite with the client we went to a user’s desktop [...]