Channel: Infosec insanity
Browsing latest articles
Browse All 21 View Live

Malware analysis

This is a pretty awesome selection of tools. http://sempersecurus.blogspot.com/2011/06/malware-sandbox-services-and-software.html




How bad relationships break the home

Mom complains that the door isn't locked and says Dad should lock it before he comes to bed. Dad says she's over-reacting; it's a safe neighborhood. Besides, he remembers that time she had a total...


The problem with certifications and CBKs

A lot of people complain that certifications demonstrate a familiarity with a Common Body of Knowledge (CBK), but that a familiarity with the knowledge does not indicate competence at applying it. In...


Conference Angst

I've been to my share of InfoSec conferences, and there seems to be a universal undercurrent of dissatisfaction regardless of the conference. There are the complaints that the speakers are chosen...


The New MacBook Pro

My old 17" MBP gave up the ghost recently. I had reached 98% capacity in my 120 GB drive, and my VMs were dying with Snow Leopard with only 2 GB of RAM. This was the max at the time that the model...



It's all about the man purse

At this point, I don't think it's unreasonable to expect that cell phones and tablets will ultimately merge into a single device, and that it will take over the role of the Roku and DVR as...


5 Questions to ask before starting a Vulnerability Management Program

Many if not most organizations are already operating at a capacity to sustain the existing work without taking on significant amounts of new work. Since a vulnerability scanning program has the...


The Singularity

Every now and then, the conversation resurfaces: when will The Singularity occur, and what will we do when it happens? A basic question about it is, if only the most talented of us are worthy of power,...



Understanding, Underachievement, and the Impact of Conformity

Work smarter, not harder does not mean you can replace all your smart employees with tools and cheap button clickers. The fallacy is, tools are not a 1:1 replacement for people. You have the cost of...



Personalizing Data Security Part 1

The problem with data security is that it isn't personal. Those who have the responsibility for security often don't have a personal stake. Sometimes, the issue is with jargon. So, let's have story...


Personalizing Data Security Part 2

Previously, we created a story that aligns data security with buying the best car for your only teenaged daughter. Now, let's explore the choice between vulnerability assessment and penetration testing...


Personalizing Data Security Part 3

In parts 1 and 2, we talked about various forms of security testing and evaluation by telling a story about a concerned parent purchasing (and evaluating) a car for the newly licensed teenaged daughter....


CarolinaCon X Crypto Challenge Writeup

This year, I offered to run the crypto challenge at CarolinaCon X. I was offered the advice that very complex challenges were often met with frustration during the conference and it was requested that...



How do I prioritize what to fix?

I spent about six years in vulnerability management before I decided to go be a penetration tester. I was frustrated by having to rely on the analysis of others, and on generalized guesswork to...


Stop using your vulnerability scanner for patch auditing!

Patch auditing is important, and you should do it, but your vulnerability scanner or service can (and should) do so much more. Patching is designed to address the things you know about (or should know...



Priorities, CVEs, and CVSS

Even after processes are shored up, there will still be a need to prioritize what needs to be fixed next. Hopefully, with vetted and working processes backing up remediation efforts, this clean up will...


Password Science 101 - Password security for Everyone

There's always a lot of press coverage about passwords whenever someone gets hacked. Since passwords are something that everyone has some personal control over, it's a worthy message to put out there....



Password Science - 201, the intermediate view

In Password Science 101, I gave a quick, very beginner introduction about what every person with a password can do to make a difference in security. This post will be a longer post that talks a little...


Password Science 301 - Attacker tricks

In my last two posts (Password Science 101 and Password Science 201), I talked about password security from an introductory view, and hit on some of the math involved. In this post, I'll talk a little...


Presenting at Conferences for Dummies

I was watching Defcon Unlocked Presentations and was inspired to blog about it. The conversation centered around new people and especially women and minorities who feel like their message or their voice...


Sex, Hacking, and Politics of Unicorns

I tend to try to deal with socially awkward situations using humor. It's a self-defense mechanism designed to prevent escalation in otherwise tense situations. So, when a well-meaning co-worker...
