I hate forgetting things. Here are a few GPG commands for doing the basics from…
Entering the “Cloud Security” Fray
I’ve not spent a lot of time thinking about this, but here’s how the…
A Crazy Idea Regarding the Obama Administration and Security
I have a wicked crazy idea. What if we in the information security community were…
Should We Focus on Vulnerabilities or Threats?
Richard Bejtlich just put up a post about the debate around whether we as security…
The GIAC GSE: The Grandmaster of Information Security Certifications
For anyone interested in Information Security certifications, the GIAC GSE one…
How Does One Explain SQL Injection to a Non-Techie?
Earlier today @mubix (Twitter) asked: Anyone got a good analogy to describe SQL…
The Difference Between CSRF and Clickjacking
This might be obvious to those most familiar with CSRF and Clickjacking, but for…
How to Build a Cybersecurity Career [ 2019 Update ]
Education Building Your Lab You Are Your Projects Practicing with Bounties Have…
My Preferred Definition of Security
There is much debate in the information security world regarding the proper definition…
Ever Wondered How “Fyodor” (Nmap) Got His Name?
He was a fan of another Fyodor—Fyodor Dostoevsky—and used his first…
A Summary of New Nmap Features from Blackhat/DEFCON 2008
At Fyodor’s talk last week at Blackhat he talked about the research he’s…
End of an Era: It’s Time to Stop Making Fun of Microsoft Security
A lingering feeling that I’ve had for roughly the last year was solidified…
TTL Caging: How to Fight Malware Using Reduced TTL Values
My buddy and co-worker Steve Crapo (pronounced CRAY-poe) recently told me about…
Verisign PIP OpenID Delegation Code
So I just started using the PIP service from Verisign to handle my OpenID. It’s…
Splunk
A few things are interesting to me here at RSA 2008. Most of them I’ve known…
An Infosec Prediction: More Human-Based Attacks
As those performing attacks against corporate IT assets become more professional…
Vidoop: Monetizing Information Security
I’m excited about a certain type of security product, or, at least the idea…
Awesome New Infosec Class
The University of Washington’s School of Computing and Engineering is offering…
New Anti-Spam Tactics
So I’m trying out a new anti-spam combination: Re-captcha Akismet If you…
Rijndael is Pronounced “Rhine Dahl”
Well, technically [rɛindaːl], but “Rhine Dahl”, or even, “Rine…
Information Security as Insurance
The future of information security is to provide data to insurance companies.…
Security and Obscurity: Does Changing Your SSH Port Lower Your Risk?
My opinion on security and obscurity is that obscurity can in fact help improve…
Capturing Traffic Once and Making That Traffic Available to Multiple Tools
I’ve been obsessed with an idea for a while now of a networking and security…
Performing a “Cold-Boot” Proof of Concept Without Princeton’s Bit-Unlocker
Most in the information security community have heard of the “cold-boot” attack…
Time to Switch From Debit to Credit When Paying for Things?
I tend to prefer debit when purchasing things. It hasn’t really been a security…