My Thoughts and Ramblings
A recent New York Times article about Facebook’s ridiculous privacy policy and settings got me to take 15 minutes and lockdown my privacy settings. In the past I’ve taken the time to review my privacy settings but Facebook doesn’t make …
Why is it that all gas stations seem to require your zip code to validate your credit card at the pump? Requiring me to type my zip code is a poor user experience and extremely poor security. According to the …
The popularity of short URL services, like tinyurl.com and bit.ly, has grown due to the character limits of Twitter. These services pose a security risk because they could be used to conceal the addresses malicious sites. Users are being taught …
I got an email today from an advantageous SPAMer. Apparently, I have $11.5 million dollars coming to me. I found it interesting that this email had a disclaimer at the bottom. These guys are getting creative. At first glance the …
Here is a great article write by Martin McKeay check it out… Repeat after me, “The CISSP is not a technical certificate, it’s a management certificate” I’ve held my CISSP for coming on 5 years now. I earned my CCNA …
A major attack vector web programmers sometimes forget about is input cleansing. If user inputs are not cleansed prior to submitting the data to the SQL server attackers can submit malicious code to the server. This code can make the …
The other week I found a major security hole in one of the systems at work. I notified my manager who then notified the correct people. I am waiting to see if this issue gets resolved. So far I have …
Fun Article from the Security Catalyst. Full Article Here. In addition to getting to break things in order to help our customers prevent assorted miscreants from doing so, one of the many hats I wear at QuietMove is the amorphous …
How to Create a Security Team for $4.95, Plus Tax – Security Catalyst Read more »
Great article by Bruce Schneier title How To Not Catch Terrorist. Click here for the article. “Data mining for terrorists: It’s an idea that just won’t die. But it won’t find any terrorists, it puts us at greater risk of …
The Principle of Least privilege simply put requires that in a computing system every process, user, and program must be able to access only information and resources that are necessary to its job duty. The principle of least privilege was …