Seriously. When will people (even security pros) ever learn? This is the IRC log between a few security pros who are involved in w00w00.org and BlackOps.org, from an insanely long tour de force brag post that seemingly showed up folks from the big guns like Google, through security ISVs such as Core Security, through several security…
Author: vanderaj
Security trends for 2012
Folks will continue to use abc123 as their password. They will then be surprised when they’re completely pwned. Folks will continue to not patch their apps and operating systems. They will then be surprised when they’re completely pwned. Folks will continue to run apps as administrator or with god-like privileges. They will then be surprised when they’re…
Resurrecting the wife’s laptop – Asus hates you and you and you
At Christmas last year, I bought a new laptop for the wife, an Asus K52DR with 4 GB of RAM and a 500 GB hard drive. I quote from then: […Asus should…] supply a real copy of the Windows 7 installation media, so you can clean install the OS easily instead of wasting hours and hours and…
Hope
One of my favorite TV shows is the Gruen Transfer, a show deconstructing advertising. Don’t laugh, it’s the ABC’s #1 TV show. A few weeks back, one of the panelists revealed that there are two fundamental ways to sell things – fear, as in: Late 1980s Anti-AIDS advert, and hope, as in: Durex condom…
RIP Meebles 1997-2011. Best cat ever
Some blog entries are easy to write. Not this one. Meebles is no more. In the end, it was peaceful, but his last days must have been hell. At least he had chicken (and lots of it) last night. I first met Meebles in early 1998 when I was looking for a companion to Greebo….
On APT
Recently, RSA was attacked by adversaries who targeted their two-factor authentication fobs. These devices have known MITM issues, but folks still used them because there was so little information out there to say that a better choice is required. RSA liked it that way. RSA chose not to discuss the details of the attack,…
Time for something new
As many of you have probably noticed by now, my larger than life frame is not at AusCERT 2011. This is a shame, as it is sounding like one of the best AusCERTs in the history of AusCERT. There are a couple of reasons for my absence – flu and the strange case of the disappearing job. My services at…
Upcoming speaking engagements – AusCERT and iTSMF
I am scheduled to talk or give tutorials at a couple of places so far this year. At AusCERT I am giving a two-day Secure Coding tutorial using OWASP’s Application Security Verification Standard. This course is different to most security training courses you’ll ever take. It teaches architects, lead developers and developers how to design…
OWASP Podcast 82 – Authorship of OWASP Top 10 2007
Dave Wichers* appears in the latest OWASP Podcast (go get it!). In the podcast, he goes through the huge number of OWASP projects he’s been involved in. There’s no doubt Dave’s massive investment of time, intellectual property, and money has been instrumental to OWASP’s success. Without Jeff and Dave’s leadership and contributions, OWASP would be…
Need a secure code review? We have slots available
I don’t normally pimp my employer, but I’d rather be doing secure code reviews than pen tests any day of the week. 🙂 We have open slots in our schedule for secure code reviews starting from mid March 2011. We perform our code reviews against the OWASP Application Security Verification Standard Level 2B – Automated…