Business, technology, security, and the world around me

Why SSN predictability prior to 1988 fails – Or Does it?

There has been a buzz today regarding the “Predicting Social Security Numbers from Public Data” study that was released. When I first read the blurb on Wired I noted 2 flaws in this method. Upon reading the paper I noticed it only applies to SSNs issued starting in 1988. This is exactly the flaws I [...]

A How-To Guide To Cloud Computing

I recently collaborated on a piece for InformationWeek entitled “A How-To Guide To Cloud Computing”. My portion was a tight 700 or so words regarding what security topics to consider when utilizing the cloud for the first time. I would have liked to write a lot more and go in depth, but it was not the [...]

Video: Where Information Security Goes Wrong – Rant

Video blog rant on information security programs. This started as me just playing around with the iSight camera and evolved into a full-on rant.

I learned that I have no future in media.

Time To Send Out For Security Help?

A recent sidebar piece I wrote for InformationWeek has been posted online.
“Security software as a service is increasing in popularity in tandem with the growth in cloud computing, as emerging providers promise to lower costs while increasing security…” [Read More]

Morphing Web Applications

Over the last week I have been thinking about applications that could morph themselves based on some criteria.  Mostly, I have been thinking about this in respect to web applications which could change their layout automatically based on the user’s interaction with certain parts of the application or lack thereof.
Additionally, this week I have been [...]

Ouchie – PCI sticks it to the vendors

The great folks over at the PCI council have finally done something I agree with.  They have provided a clear and concise explanation of PCI 6.6.  Typically, their direction is unclear and left to the masses to decipher.
In the new PCI 6.6 supplement, the council has given more direction on how to meet the dreaded [...]

OMG Hackers Invade Seattle!

This weekend is ToorCon Seattle. If you know, then you should be there. I, unfortunately, will not be going due to prior engagements (fancy for “I have plans”).
On a semi-related note, Microsoft’s BlueHat is the first week of May.  This means Limo races and other good fun.  Again, I did not plan properly and will [...]

Google Code University – Web Security

This URL was sent over to me by a co-worker. Looks like Google is hosting a few presentations and video related to Web Security. Worth a review.
http://code.google.com/edu/security/index.html

Silly programmers, hackers always win. +1 for corporate hackers.

Today I was investigating how a 3rd party site was streaming content from another site. The silly people tried to hide their JavaScript and HTML magic by “encrypting” the source using Encrypt HTML Pro – they also put a fake error in the source to deter me (Error 505: Source Code Unavailable).
With some JavaScript [...]

Apache Tomcat CIS Benchmark

The Center for Internet Security announced this morning that they will be launching an Apache Tomcat benchmark project, along with Xen and SUSE.
I am pleased to announce that I will be heading up the Tomcat project for CIS.  If you are interested, or know anyone who might be, please subscribe to the mailing list and [...]