I recently collaborated on a piece for InformationWeek entitled “A How-To Guide To Cloud Computing“. My portion was a tight 700 or so words regarding what security topics to consider when utilizing the cloud for the first time. I would have liked to write a lot more and go in-depth, but it was not the [...]
Video: Where Information Security Goes Wrong – Rant
Video blog rant on information security programs. This started as me just playing around with the isight camera and evolved into a full on rant.
I learned that I have no future in media.
Time To Send Out For Security Help?
A recent sidebar piece I wrote for InformationWeek has been posted online.
“Security software as a service is increasing in popularity in tandem with the growth in cloud computing, as emerging providers promise to lower costs while increasing security…[Read More]“
Morphing Web Applications
Over the last week I have been thinking about applications that could morph themselves based on some criteria. Mostly, I have been thinking about this in respect to web applications which could change their layout automatically based on the user’s interaction with certain parts of the application or lack thereof.
Additionally, this week I have been [...]
Ouchie – PCI sticks it to the vendors
The great folks over at the PCI council have finally done something I agree with. They have provided a clear and concise explanation of PCI 6.6. Typically, their direction is unclear and left to the masses to decipher.
In the new PCI 6.6 supplement, the council has given more direction on how to meet the dreaded [...]
Google Code University – Web Security
This URL was sent over to me by a co-worker. Looks like Google is hosting a few presentations and videos related to Web Security. Worth a review.
http://code.google.com/edu/security/index.html
Silly programmers, hackers always win. +1 for corporate hackers.
Today I was investigating how a 3rd party site was streaming content from another site. The silly people tried to hide their JavaScript and HTML magic by “encrypting” the source using Encrypt HTML Pro – they also put a fake error in the source to deter me (Error 505: Source Code Unavailable).
With some JavaScript [...]
Apache Tomcat CIS Benchmark
The Center for Internet Security announced this morning that they will be launching an Apache Tomcat benchmark project, along with Xen and SUSE.
I am pleased to announce that I will be heading up the Tomcat project for CIS. If you are interested, or know anyone who might be, please subscribe to the mailing list and [...]
Follow up: Larry Suto’s Testing Proven Faulty – Again
Via the SPI Dynamics blog, I saw that Ory Segal of IBM/Watchfire released an analysis of Larry Suto’s scanner comparison. If you recall, Jeff Forristal of SPI released his own a few weeks back. I will let you compare and make up your mind, but I will note that both are much more open and [...]
PCI PA-DSS
Recently I posted about PCI’s new payment application mandate coming out. Today I was lucky enough to receive a draft version, a comment sheet, and the associated NDA (thus why I have not posted the documents here).
A quick review basically outlines what we expected. PCI is taking Visa’s PABP program, transitioning it into PCI [...]