Ok, maybe signing up for the clear pass (from my previous post) isn’t such a good idea
http://yro.slashdot.org/article.pl?no_d2=1&sid=08/08/05/1539231
It’s still unbelievable to me that so many places that store “sensitive” data, especially “mobile” data on laptops, CDs, etc., don’t encrypt it. Seems like a sensible precaution and a no-brainer.
Entries Categorized as 'Security'
"Clear" Air-Travel Pass Data Stolen From SFO
August 5, 2008
Computer security work Illegal in Texas without PI licence?
July 4, 2008
There’s been some talk about this, and no-one really knows what it means for the security industry just yet (at least not anything I’ve seen thus far), but the just-passed Texas House Bill 2833 has the following paragraph
(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and [...]
Browsers to spell the end of XSS?
July 2, 2008
Congrats to RSnake for working the ’softies and breaking the news that IE8 will have anti-XSS technology built into the browser.
This is really very cool, and as RSnake says, a big step in the right direction - programmers will always make mistakes, and any methods we can help protect against buggy software from being [...]
VA+WAF: that’s hot!
June 19, 2008
So, it seems that the whole VA+WAF discussion is clearly the “hot” topic in webappsec this week. First up we have the ts/sci post that I linked to earlier, Andre responded, and we also have a post from the guys at CGISecurity.
I’ll first address one of Andre’s comments before getting into the meat of this [...]
What web application security really is
June 17, 2008
One more post before I really should head off to bed
Another blog that I’ve read on-and-off, but which has just got a permanent place in my RSS reader, is ts/sci security. There has been one post recently that, although I don’t agree with it 100%, certainly is “on the money”.
http://www.tssci-security.com/archives/2008/06/15/what-web-application-security-really-is
The only part I’m not sold on [...]
Another feed on my RSS
June 17, 2008
Ages back I met Rich Mogull at BlackHat/DefCon and we got on really well. Turns out we have some strange shared background as he worked backstage on some of the same tours state-side that I did in Europe.
Anyway, Rich is blogging at http://securosis.com/
As an ex-Gartner security analyst he has great insight into the [...]
Quick times for web app security
June 7, 2008
Through my RSS reader I discovered the above named article the other day, so took a quick look. In some ways I wish I hadn’t, and I hope that not many other people did either.
The first few tips are pure “security by obscurity”, and you should never “sanitize” user inputs - either it passes validation [...]
Data portability security breach
June 3, 2008
I ranted a little about data portability when I finally signed up for Facebook and did my "things change". Little did I know that only a few days later, my concerns about security on social network sites were to be proven via this data sharing feature.
Byron Ng seems to have a bit of a [...]
Selling security
June 1, 2008
Very good article by Bruce Schneier on how selling security is difficult and fraught with cognitive bias. A recommended read for anyone that has to sell security services, whether to customers or internally within their own organization.
Obama looking for security expert
June 1, 2008
Hot off the heels of the XSS silliness between the Obama and Clinton camps, the my.barackobama.com site is looking for a network security expert who wants to…
…play a key role in a historic political campaign and help elect Barack Obama as the next President of the United States.
Ok, no mention of security in that opening [...]