Still going after all these years.
You’ll be able to catch me in my professional capability twice next week. I’ll be giving a talk on Tuesday in Austin, TX to the Austin chapter of ISACA (the Information Systems Audit and Control Association) on “Best Practices for Application Risk Management.” The argument: the current frontier in securing sensitive data and systems isn’t … Continue reading “Next week: Austin, TX”
MC Frontalot releases “Zero Day” And I quote, “Man, cousin, I'm about to put in the work,/assert authority. Administrative access: crack this./If your patches back in the past, this/0day gets you on a root trip. True crypt./Key file, I will keystyle shell code,/triple sevens all up on the ch mod.” Wack. (tags: frontalot security humor)
The Bill of Rights (Neely Bruce) I love it–Neely Bruce set the Bill of Rights to music, and made the movement for the First Amendment freely available including free performance rights. (tags: billofrights neelybruce) XKCD’s “We Love the Internet” reenacted with Lessig, Gaiman, Nielsen Haydens, Schneier, and many others! (Boing Boing) Nice though creepy (particularly … Continue reading “Grab bag: Rights, Neely Bruce, and LOC”
Google Admitting Compromise Good News (Veracode Blog) The first step to resolving the application security problem is admitting that you have a problem. Bravo, Google. (tags: security google) Official Google Blog: A new approach to China Serious consequences from the hack attack. Linking the malware attack to infiltration of dissidents’ Gmail accounts and Google’s overall … Continue reading “Grab bag: Google hacked in China”
SCAwards2010-Finalists – SC Magazine US Veracode is a finalist for Best Security Software Development Solution. (tags: veracode award security)
Evan Williams | evhead: Why Retweet works the way it does Good explanation of the evolution of Twitter’s official retweet feature. My takeaway: RT in Twitter should now only be used as an amplifier. If you want to comment on someone’s tweet, comment on it and point to the original with a short URL rather … Continue reading “Grab bag: learning from users and victims”
Nine Worthies (4): Maazel’s Metronome | Classical Music “Here’s what Beethoven’s Ninth felt like on Friday, with Lorin Maazel conducting the Boston Symphony Orchestra. Imagine that you gave someone a fancy sports car, and they drove it around for a while without realizing that it had more than one gear, and then made up for … Continue reading “Grab bag: Post-B9”
Voltage, RSA spar over tokenization, data protection What has changed in online banking over the last ten years? Well, this really interesting technical discussion outlines some ways in which the industry is trying to address the security challenges. (tags: security) Large online payroll service hacked (ComputerWorld) My takeaway from this, other than the continued problem … Continue reading “Grab bag: bank hacks”
inessential.com: Anatomy of a feature Brent, as usual, does a thorough job of documenting why even small features take time and effort to do properly. (tags: design development productmanagement) Veracode achieves record growth in first half of 2009 Our momentum release, or what I was working on when I wasn’t blogging this year. (tags: veracode … Continue reading “Grab bag: It might look easy but it’s not”
Byte Code Analysis is not the Same as Binary Analysis Gartner’s Neil MacDonald lays out the difference between bytecode analysis and binary analysis. Veracode does binary, and is the only vendor to offer binary analysis of C/C++ apps. (tags: Security gartner)
Certified ASS Hat (Khaki) > ASS Hats > The Institute for ASSCert Online Store You too can be a Certified ASS (Application Security Specialist)! (tags: humor security) Who Needs Facts? | TPM Talking Points Memo points up the difference between right wing advocacy and left wing news gathering in the Sanford case. (tags: southcarolina marksanford) … Continue reading “Grab bag: Certifications and reality”
Google Books Adds New Features And Tools (TechCrunch) I dig the embeddable preview feature; will have to check that out for some of the research I’m doing. (tags: google books) iPhone 3.0 Update: 10 Hidden Features – PC World Most are not really “hidden”, but I like the unlimited apps and special characters tips. (tags: … Continue reading “Grab bag: Books, iPhones, beer, and other good things”
National mileage standard paves road for cleaner cars | Green Tech – CNET News An interesting policy tradeoff — I wonder which “major lawsuits” are being dropped to get this to move forward. (tags: economy environment) But That’s Impossible! (Veracode Blog) Responses to security audits range from the funny to the sad. (tags: security)
Last week I indulged in a little live tweeting of a webinar my firm, Veracode, did with Chanxi Wang of Forrester, following up on our recent announcement of an independent survey in which 62% of the respondents reported being breached through at least one application vulnerability in 2008. I’ve reposted the substance of my tweets … Continue reading “The Forrester application survey: 62% hacked through apps”
Adjix has a breakthrough idea in URL shorteners (Scripting News) Interesting if retroactively obvious way to future-proof URL shortener links. (tags: twitter) Decoding the Verizon DBIR 2009 Cover Chris Eng shows how crypto is done. Finishing in the top 3 isn’t too bad and whoever dreamed up the cipher in the cover clearly had a … Continue reading “Grab bag: Hacking and other sensible things”