May 4, 2009 Why applications have security bugs http://blogs.msdn.com/aaron_margosis/archive/2008/03/03/why-apps-have-security-bugs-attempted-humor.aspx It was this comment to the posting that caught my attention: Some of us idiots used to think that any devs who weren’t…
May 4, 2009 OWASP Top Ten is really the OWASP Top 6.5 http://secureme.blogspot.com/2005/10/owasp-top-ten-is-really-owasp-top-65.html This is somewhat dated, but so what? Most of the points raised still hold valid. It opens: CIO/CSO: “I just…
April 28, 2009 Swine Flu Issues – insufficient discrimination The trouble with some people is that they make some deceptively reasonable comments that don’t stand up under critical analysis  With an ailing economy…
April 2, 2009 Famous Last Words My favourite ‘famous last words‘ are “I wonder what this button is for” Mind you, one job I had that worked the graveyard shift,…
March 5, 2009 Couldn’t happen to a nicer buncha guys … An independent security consultant describes how vulnerabilities in unpatched releases of the Zeus crimeware kit are being exploited by hackers in order to steal…
March 2, 2009 Small firms are taking fraud protection too lightly, says Visa Canada Forty-one percent of small businesses surveyed by Visa Canada said they don’t believe data thieves and hackers will target them because of their…
February 5, 2009 Yes! It’s the cardboard PC! I would hate to have to do a risk analysis on the use of these! Oh, and then there’s Bamboo! http://www.reghardware.co.uk/2008/12/02/asus_bamboo_laptop/ What’s next? Soy?…
December 17, 2008 The IDE of Choice: VI I do a bit of work on the fringe of the Ruby community, and the Mac is popular there along with an IDE or…
March 26, 2007 Codify Hacking http://www.infoworld.com/article/07/03/24/HNshmoocon_whitehats_1.html The Hacker Foundation, a non-profit organization of ethical security researchers, is trying to extend its reach and encourage more people to join its…
January 10, 2007 Cabling blunder fouls up DoD network http://www.infoworld.com/article/07/01/09/03OPrecord_1.html?source=NLC-RECORD2007-01-10 I had a similar experience with a manufacturer based here in TO. They insisted on using their own electrician, who was a power/HVAC…
December 1, 2006 Denial – Software Quality and the C-I-A of Security There is only one really meaningful light-bulb joke: Q: How many psychiatrists does it take to change a lightbulb? A: Only one, but the…
June 12, 2006 Europe must be crazy http://www.csoonline.com/caveat/060606.html?source=csoupdate Maybe they know something we don’t? Maybe they do have good security, but they are doing what we say security should be, and that…
June 12, 2006 Encrypted USB flash drives http://blogs.zdnet.com/hardware/?p=14&tag=nl.e539 Yea, right. Fine for the monoculture, but what about us types for whom MS-Windows is not the ne-plus-ultra, not the first choice? Oh,…
May 30, 2006 Win either way AT&T leaks sensitive info in NSA suit http://news.com.com/AT38T+leaks+sensitive+info+in+NSA+suit/2100-1028_3-6077353.html The beauty of this is whether ATnT wins or loses, we in InfoSec come out ahead….
May 11, 2006 Laws won’t stop cybercriminals, say experts They won’t? Tell us something we didn’t know. (A follow-on to http://www.securityabsurdity.com/failure.php) Is this any different from the Canukistani Federal Gun Registry Boondoggle? You…
April 10, 2006 New twist on laptop theft We’ve all read about how the Big N-1 Accounting firms have had laptops stolen with financial & personal details of their client’s employees. Well…
March 20, 2006 It’s a crime to delete files Occasionally I pluck up enough courage to read the Risks Digest. I found this: http://catless.ncl.ac.uk/Risks/24.20.html#subj6 If you don’t read Risks Digest regularly you probably…
March 14, 2006 Better than Free Chocolate Bars Some while ago people were persuaded to give up their passwords in exchange for a chocolate bar. This goes one better With chocolate bars…
February 27, 2006 “Vendors that don’t understand security, except that it will make them money” That assertion is the title of this article: http://www.crn.com/showArticle.jhtml?articleID=180203279 I think they used the wrong tagline! “Just about everyone is hawking security, secure networks, secure…
February 15, 2006 Gates says security boils down to four focus areas http://www.networkworld.com/news/2006/021406-gates-keynote-rsa-security.html However, it’s unclear what those four areas are from the article. The best quote I can find relating to it is: Gates then…