I wish I had the ultimate tool, whether that is a programing language such as perl, python and ruby, or whether it is a framework like metasploit and vulnerability scanner like nessus. I wish, but I know that such thing doesn’t exist and probably never will.
Lately I’ve been dropping a lot bash scripts on public forums and of course on work related projects. Many people came back to me asking why I chose bash. Python or perl would have been better! [...]
I’ve got quite a lot of good feedback on the security buzzword generator I announced yesterday. For those of you who do not know, the generator is a fun little utility part of the GNUCITIZEN campaigns which helps you with coming up with new and exciting buzzwords like a security pro.
We often laugh when a new buzzword makes its rounds in the media but the matter of fact is that buzzwords are important. [...]
Do some people have the magical skill to find vulnerabilities with ease while others don’t! Of course not! I disagree with the whole tendency to believe that technical understandings is all that is needed to find vulnerabilities.
It is mostly persistence that plays a role. Most of the researchers I know have almost zero knowledge on the subjects they dive into. [...]
Work with the system rather against it. I have always been a big fan of this approach as it proved to be successful every time it was put into practice.
So you receive one of these phone calls. The girl on the other end presents herself as Jessica Smith. The company has to do something with financing. The conversation goes as usual. [...]
And the are a lot of privacy concerns too.
IMHO, the way the Twitter folks designed their system, is totally wrong. The one and only major concern is that 3rd-part software is allowed to communicate with Twitter’s API by using the user’s login credentials. This is a bit insane as you can imagine. Why would you want to share your username and password with someone you certainly don’t trust? [...]
I am sure that you know this song. Yes, Daft Punk absolute rocks, although this post is about malware not the band.
Anyway, I was going through some blogs today and I stumbled across some articles regarding a malware affecting MacOS. Apparently this piece of malicious software is of a type downloader/installer. All it does is to connect to a remote server, fetch the payload and execute. Nothing special really! [...]
According to Wikipedia: In hacker culture, a script kiddie is a derogatory term used for an inexperienced malicious hacker who uses programs developed by others to attack computer systems, and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs on their own, and that their objective is to try to impress their friends or gain credit in underground hacker communities. [...]
Someone on LinkedIn asked: Is Information Security driven by compliance? to which I say yes and this is a problem!:
My long answer goes like this:
This is certainly not the best answer. Follow the discussion over here. You are not going to learn anything technical but at least you will get a good idea how the majority of security professionals on LinkedIn think.
Why we are so obsessed with the newest exploit and attack developments while forgetting that the world hasn’t changed much since the last time we looked at it and laughed.
I think it is because very few of us, if anyone, are capable of looking into the entire security landscape with an open eyes and clear mind. [...]
If you read the Wikipedia’s definition of Tiger Team you get the following: A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security. And further down we have In the computer security field, the term is now obsolete, and more common terms are penetration testers or security testers. [...]
test your web apps with websecurify application security testing runtime