Entries Categorized as 'Security'
CSI Annual Conference – Highlights on Web App Security
November 20, 2008
From a post on the webappsec mailing list (see – I do read it!), Rafal Los writes up some of his notes.
Nothing too unusual there, but I still think a fair amount of FUD. In a lot of cases I agree with his notes, and it’s worthy of a much longer post. You can really [...]
Securosis – Building a Web Application Security Program
November 20, 2008
I continue to be amazed at how many similarities of previous work/lives people have in the security world. I was talking to Rich Mogull at BlackHat a few years ago and found out that he worked on exactly the same touring shows in the US that I had back in Europe. Now I find out [...]
Bug reports and methodologies
November 19, 2008
I’m not sure where this link resurfaced from – I saved it to read and got to it the other day – but this post from Joel on Software has two of the things I spend many a day looking at – bug reports and methodologies.
Bug reporting
Everyone knows how to report a bug, right? Repro [...]
Software [In]security: Web Applications and Software Security
November 17, 2008
Gary McGraw has posted another article in his InformIT column, this time specifically on web applications and software security.
It’s a great article, and Gary is spot on, but I had a couple of points I wanted to discuss, so I emailed them off. Thankfully, Gary is a friend, and is really good at arguing any [...]
[WEB SECURITY] FWD: hi, need help
November 17, 2008
I know this is going to seem a bit "mean", but I couldn’t help laughing to myself when I saw this thread in the webappsec mailing list. I try to follow the list, but seldom (if ever) post to it as I’m just not fast enough, and there are plenty of good people on that [...]
Vuln research credit / security tipping point
November 16, 2008
Two great posts from the Veracode blog I have to point out if you haven’t read them already.
The first one, Credit for Researchers, I think is very important. From my academic days, referencing previous work was de rigueur and you just weren’t taken seriously if you published or spoke without noting the people that laid the [...]
Mark Russinovich Interview
November 16, 2008
I’m slowly catching up on blog posts I marked as "must read", and wanted to share this one. Mark is a huge hero of mine, and I’ve been really a fan (and big user) of the SysInternals tools for a long time. This is a long (43min) interview, but is well worth watching.
http://edge.technet.com/Media/Interview-with-Mark-Russinovich-the-future-of-Sysinternals-Security-Windows/
There’s (obviously) a [...]
Dumb bug in G1 phone
November 10, 2008
If there’s any other gadget that has got as much buzz and anticipation as the iPhone, it has to be the G1 phone with Google’s Android platform on it.
Now I thought that Apple had some interesting bugs and a lax security process, but this "bug" is just plain dumb (thanks FS con chat guys for [...]
IE8 removes expression
November 7, 2008
From the IE8 blog, it would appear that the next version of Internet Explorer will not support CSS expressions by default (they will still be available in quirks and IE7 mode, but by default this will be turned off).
This is really good news, and an indication that once again Microsoft are doing their best to make [...]
BlueHat review
October 19, 2008
Microsoft’s internal security conference BlueHat finished on Friday. I posted earlier that I would do a write up about it, so I’ll briefly discuss the presentations I went to, and some of the other comings-and-goings of the conference. I’m told that some of the presentations will be up on TechNet later, so look out for [...]