Security checklists are not bad, it’s how they’re used

There’s a meme that’s been running around the anti-PCI DSS crowd for a while, that’s starting to get good traction in otherwise sane infosec folks (paraphrasing): “Checklists don’t work.” Actually, PCI DSS is making in-roads in containing data breaches. See for yourself. So what’s the big deal? Those who know me know several things: I […]

Top 2010 Defenses

I’d like to announce the inaugural Top 2010 Web App Sec Defenses Compendium. I can’t offer prizes, because defenses are simply not that sexy. (If you do have prizes that could be offered, web app sec researchers will be over the moon. E-mail me.) Defenses change the world. Defenses make software more secure – permanently, and […]

CPRS / ETS / “a price on carbon” is back. WTF!

The government never seems to learn. They nearly lost the election, they lost their previous leader, and the opposition lost their previous leader over a money spinning taxation mechanism called “a price on carbon”. No second order mechanism has ever succeeded in its intended effects, and such mechanisms always have unintended consequences. Legislating first order effects is simply much […]

Arbib is a spy, or we are the 50-57th states of the USA

Mark Arbib, agent provocateur of the right wing ALP and one of those involved in the coup against Prime Minister Kevin Rudd, turns out to be a protected source of the United States. The Age calls Mark Arbib a “confidential contact” for the USA, but so was convicted spy Jean-Philippe Wispelaere. According to Wikileaks disclosure of […]