Penetration testing falls into three basic categories based on the posture of…
Thank You, MS05-039
Ah, hacking the Gibson and listening to pre-reign-in-blood Slayer. Life is good.…
You Already Have Admin, Dumbass
There’s an old saying in Tennessee — I know it’s in Texas, probably…
Why CISSPs DO Need to Be Decently Versed in Technology
I have been taking a bit of flak regarding my post comparing the CISSP to the…
Should CISSP’s Know Basic Networking?
I say yes. Martin McKeay from Network Security Blog disagrees. He writes: I kind…
A Flag Shibboleth
Here’s an interesting security tidbit from the world of flags. There’s…
Observations From DEFCON
DEFCON is a Social Networking Event: DEFCON makes all of the audio and video content…
Why Bush’s War On Terror Is Failing: A Risk Management Perspective
By now we’re all quite familiar with the Bush administration’s stance…
Vulnerability Management Without Asset Management, Isn’t
I’ve been doing some work for a client recently in the realm of vulnerability…
Secure Your Site With ROT26 Encryption
Well, I’ve just finished locking down the entire site with industry standard…
Measuring The Quality Of A Society
I can always tell when I’m in a bad neighborhood. I don’t have to…
Security Is Not A Technology Problem: Why Companies Need To Be Looking At Organizational Issues Instead Of Products
As a consultant I constantly come across organizations that are more than willing…
Security: How Network Ports Work
Many who are new to networking and security wonder what it means to have “ports”…
Vista’s Security Hobbled By Microsoft’s Own Insecure Past
Yesterday I wrote about Joanna Rutkowska’s work that highlighted a serious…
Security: Implementing A Secure And Usable Internet Password Scheme
Being an information security consultant I am often asked how to balance the need…
Security Filters Are All The Same
Let me start by stating that much of what I’m about to cover was seeded…
My First 2600 Meeting
Last Friday I went to my first 2600 meeting. It was, of course, here in New York…
6 Steps To Becoming An Information Security Guru
A recent poster in an information security forum asked what it takes to succeed…
BioPassword: Two-Factor Authentication The Easy Way
For anyone who hasn’t heard about it, there’s a really cool…
Security: How To Monitor Your Network Connections
One of the most important concepts in computer security is “knowing thy…
Stop Freaking Out When People Use “Hacker” To Mean Computer Criminal
People who use the word “hacker” when they’re referring to computer…
A Hacker Is A Criminal
A Hacker is a bad guy—someone trying to break into computers with the intent…
Hostfind: Another Lame Tool
Only this one is more lamerer. This will take a list of words from a list you…
DMZs: NATing vs. Using Public Addresses
Here’s a snip from a forum question that I’m getting ready to write…
Information Security: The End Of The Wild West
[ Aug 2, 2006 ] If you’re an information security administrator/analyst…