Archive for the ‘Security’ Category

Facebook’s Eroding Privacy

A recent New York Times article about Facebook’s ridiculous privacy policy and settings got me to take 15 minutes and lock down my privacy settings. In the past I’ve taken the time to review my privacy settings, but Facebook doesn’t make it easy to find all the settings. The NYTimes article, found here, has a precise site map [...]

Lame Credit Card Zip Code Security

Why is it that all gas stations seem to require your zip code to validate your credit card at the pump? Requiring me to type my zip code is a poor user experience and extremely poor security. According to the U.S. Census Bureau, the United States only has around 40,000 zip codes. Zip codes are [...]

Expand URL

The popularity of short URL services, like tinyurl.com and bit.ly, has grown due to the character limits of Twitter. These services pose a security risk because they could be used to conceal the addresses of malicious sites. Users are being taught to trust all URLs and just blindly click. Sites like Twitter should offer users the [...]

Dead Relative Left Me Millions

I got an email today from an advantageous spammer. Apparently, I have $11.5 million coming to me. I found it interesting that this email had a disclaimer at the bottom. These guys are getting creative. At first glance the email looked very official. These guys must make a good amount of money off the [...]

The CISSP is not a technical certificate…

Here is a great article written by Martin McKeay; check it out… Repeat after me, “The CISSP is not a technical certificate, it’s a management certificate” I’ve held my CISSP for coming on 5 years now. I earned my CCNA around the same time, though I’ve let it lapse. Last year I received the SANS [...]

Structured Query Language – SQL Injection

A major attack vector web programmers sometimes forget about is input cleansing. If user inputs are not cleansed prior to submitting the data to the SQL server, attackers can submit malicious code to the server. This code can make the server return more data than it should or allow the attacker to delete entire databases. [...]

Security Hole

The other week I found a major security hole in one of the systems at work. I notified my manager, who then notified the correct people. I am waiting to see if this issue gets resolved. So far I have not seen any progress towards closing the hole. Lack of motivation to patch security holes seems [...]

How to Create a Security Team for $4.95, Plus Tax – Security Catalyst

Fun article from the Security Catalyst. Full article here. In addition to getting to break things in order to help our customers prevent assorted miscreants from doing so, one of the many hats I wear at QuietMove is the amorphous responsibility of ‘business development.’ In English, that means I identify organizations that could benefit from [...]

How To Not Catch Terrorist – Bruce Schneier

Great article by Bruce Schneier titled How To Not Catch Terrorist. Click here for the article. “Data mining for terrorists: It’s an idea that just won’t die. But it won’t find any terrorists, it puts us at greater risk of crimes like identity theft, and it gives the police far too much power in a [...]

Principle of Least Privilege

The principle of least privilege, simply put, requires that in a computing system every process, user, and program must be able to access only the information and resources that are necessary to its job duty. The principle of least privilege was first introduced in the mid-1970s. The book “Fault Tolerant Operating Systems” by Peter J. [...]
