Tools of Trade

Lately I’ve been dropping a lot of bash scripts on public forums and of course on work-related projects. Many people came back to me asking why I chose bash. Python or Perl would have been better! While I agree that both Python and Perl are a lot more expressive, I disagree that tools in general should be written just to accommodate the needs of a particular framework. Tools are tools and they have their lifetime just like everything else. So should we bother? [...]

On Security Buzzwords

I’ve got quite a lot of good feedback on the security buzzword generator I announced yesterday. For those of you who do not know, the generator is a fun little utility which helps you come up with new and exciting buzzwords like a security pro.

We often laugh when a new buzzword makes its rounds in the media but the fact of the matter is that buzzwords are important. In essence, buzzwords are just terminology which happens to be used extensively by the media. [...]

It is Persistence

Do some people have the magical skill to find vulnerabilities with ease while others don’t? Of course not! I disagree with the whole tendency to believe that technical understanding is all that is needed to find vulnerabilities.

It is mostly persistence that plays a role. Most of the researchers I know have almost zero knowledge of the subjects they dive into. [...]

Identity Theft Attacks

Work with the system rather than against it. I have always been a big fan of this approach as it proved to be successful every time it was put into practice.

So you receive one of these phone calls. The girl on the other end presents herself as Jessica Smith. The company has something to do with financing. The conversation goes as usual. [...]

Twitter’s Security is so Poor

…and there are a lot of privacy concerns too.

IMHO, the way the Twitter folks designed their system is totally wrong. The one and only major concern is that 3rd-party software is allowed to communicate with Twitter’s API by using the user’s login credentials. This is a bit insane as you can imagine. Why would you want to share your username and password with someone you certainly don’t trust? [...]

Harder, Better, Faster, Stronger – The Malware

I am sure that you know this song. Yes, Daft Punk absolutely rocks, although this post is about malware, not the band.

Anyway, I was going through some blogs today and I stumbled across some articles regarding a piece of malware affecting MacOS. Apparently this piece of malicious software is of the downloader/installer type. All it does is connect to a remote server, fetch the payload and execute it. Nothing special really! [...]

Script Kiddies

According to Wikipedia:

It continues: Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of harassing even advanced computers and networks.

Anyway, according to Wikipedia, I do not know a single person involved in the information security industry today that does not fit the description of a script kiddie. [...]

Compliance

Someone on LinkedIn asked: Is Information Security driven by compliance? to which I say yes and this is a problem!

My long answer goes like this:

This is certainly not the best answer. Follow the discussion over here. You are not going to learn anything technical but at least you will get a good idea how the majority of security professionals on LinkedIn think.

Fear

Here is a thought for you: The entire information security industry today is based on fear. The fear of getting hacked and your integrity and reputation being publicly jeopardized and challenged.

This is what gives security vendors the power to sell you useless products which you don’t really need.

Most Attractive Targets: SaaS

SaaS stands for Software as a Service, which is the new hot topic on the market. It is so hot, it radiates light. Of course all vendors are jumping onto the SaaS bandwagon, and for a reason. The usual benefits/reasons that are given to new clients are: (1) there is no upfront cost involved, (2) there is no admin and setup overhead, (3) in the long term it costs less, and (4) it scales quite well (patching, bug fixes and machine power are instant). [...]
