Why the Bitcoin Intrinsic Value Complaint is Irrelevant
In the aftermath of the Mt. Gox meltdown and subsequent bankruptcy filing, I have been reading a lot of commentary on Bitcoin. Even Paul Krugman […]
An Information Security Place Podcast – 01-22-14
Jim, Dan, and Michael have a lot of catching up to do. We talk about a lot of stuff because a lot of stuff has been […]
Podcast: Play in new window | Download (Duration: 1:00:33 — 87.2MB)
Subscribe: Apple Podcasts | RSS
HO-FFL 2013 Wrap up
The season is over! It was fun to play with all that participated and I got to have some fun conversations about football & the […]
An Open Letter to Barack Obama: If You aren’t Sure of Health Exchange Security, Shut it Down Now
Stability in Only the First Issue – Security Will Be Healthcare.gov’s Real Achilles Heel There has been a significant amount of attention to the the […]
If at first you don’t succeed, you’re hosed: The criticality of authentication in web scanning
We appreciate Kevin Beaver’s recent blog post about NTOSpider’s unique ability to authenticate on some of the trickiest applications and stay properly logged-in throughout the scan. At NTO we take pride […]
HO-FFL Update
We are now in the middle of week 4, but I want to catch everyone up on whats been happening. First of all, I am […]
Four Reasons Security Teams Can’t Stop SQL Injection Vulnerabilities
SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should […]
Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s Perspective
Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it […]
An Information Security Place Podcast – 8-20-13
The podcasting returns! This is the first new episode of InfoSec Place and in a few days will be the return of my web security […]
Podcast: Play in new window | Download (Duration: 57:24 — 81.8MB)
Subscribe: Apple Podcasts | RSS
Hacking Fantasy – Hackers Only Fantasy Football League
This November I will be presenting at AppSec USA, Revenge of the Geeks: Hacking Fantasy Football. So this year, I am starting a hackers only fantasy football league. Come join us to have fun and maybe make a little money!
OWASP Top 10 List Maturing – Evidenced by Minor Changes
The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was recently updated. The 2013 Top 10 Listfeatures some incremental but noteworthy changes that point to the project’s maturity.
Chinese Corporate Cyber Espionage by Christopher R. Lew Ph.D
I attend some of the talks at security conferences for technical interest, others for political interest. This one, at 2013 B-Sides San Francisco was the […]
How predominant is Cross site request forgery (CSRF)?
Continuing my series on the talks I attended at 2013 Security B-Sides, this one from Dan Hubbard (CTO OpenDNS) and Frank Denis (@thinkumbrella) called, “Building […]
Why are we still vulnerable to side-channel attacks? (and why should I care?)
2013 B-Sides San Francisco Talk Summary Series This was a great talk given by Jasper Van Woudenberg, from Riscure. Whenever I attend these talks, I always […]
Secure SSL, “Tales of Transport Layer Security at Twitter” from 2013 B-Sides San Francisco
SSL++; Tales of Transport Layer Security at Twitter I am happy to have attended this talk, at 2013 B-Sides San Francisco, by @jimio, a Twitter […]
Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability
Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is […]
Tweet that, Twitter Hack: Potentially 250,000 users compromised
Last week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 accounts. In a blog post, on Friday, Twitter announced that they […]
PayPal plugs SQL Injection Hole
An Indian researcher, Prakhar Prasad found a Blind SQL Injection vulnerability in the Paypal Notifications (https://www.paypal-notify.com) application as part of a bug bounty program. The bug enabled him to […]
Did Twitter set users up for future phishing attacks?
On the morning of the Twitter attack, I received this email: On one hand, I appreciate that Twitter was up front with their users, but […]
Techniques for creating secure passwords
Most people are starting to realize that they need to start using more complex passwords, but generally believe: complex password = hard to remember This […]
Security B-Sides SF 2013: The Pineapple Express: Live mobile application hacking demo…
All aboard the Pineapple Express, its a speeding bullet to the mobile backend! I’m looking forward to speaking at the upcoming B-Sides San Francisco. Most of […]
Anonymous Strikes Again in the Name of Aaron Swartz & Hacks US Sentencing Commission
Anonymous Hackers hacked and defaced United States Sentencing Commission under the operation called “#opLastResort”. And also threatened the US government to release sensitive information. Hacked […]
DNS Attack Takes Down Google Morocco
Google Morocco was the latest victim of a Domain Name System or DNS attack. A notorious Pakistani leet hacker group named, “PAKbugs”, hijacked Google Morocco’s […]
Anonymous Hacked & Defaced MIT in the Name of Aaron Swartz
Much has been written this week on the sad story of Aaron Swartz and the Anonymous hack executed in his name. This story has affected […]
Surviving the Week 12/21/12
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The […]