Channel: vanderaj – cat slave diary
Browsing all 37 articles

OWASP Development Guide – what do you want in, and what do you want out?

It’s time to do some curating of the OWASP Developer Guide. This is where my tastes meet the community’s – what do you want in the Guide, and what do you want out of the guide? As much as I want to be...




On penetration testing – harmful?

Over at Sensepost Security, there’s a new blog entry wondering about Haroon Meer’s talk “Penetration Testing Considered Harmful”. Those who know me know that I’ve had this view for a very long time....


Fedora 17 install on VMWare Fusion 4 / Workstation 8

I am moving over to using Fedora from Ubuntu as I am helping out with the OLPC XS (School Server) on XO laptop effort, which is Fedora based. Fedora 17, codename The Beefy Miracle (seriously), has just...


PCI DSS QSA vs ISA smack down

In his post “PCI’s Money Making Cash Cow”, Andrew Weidenhamer must have had a bad week of being challenged (or in his words, “bullied”) by a PCI DSS Internal Security Auditor (ISA). This is not...


Shame, Slashdot, Shame – misogyny and moderation

Our industry suffers from a lack of women – women in senior positions are very rare, women who do what I do I can count on my hands without resorting to binary, and there are so few women coming out of...



Speaking at Linux.conf.au 2013

I’m glad to say that I’ve been accepted to speak at linux.conf.au 2013. My talk is how to apply the OWASP Developer Guide 2013 to your open source project. The Open Web Application Security Project...


OWASP Guide 2013 – Developers needed!

The Developer Guide is a huge project; it will be over 400 pages once completed, hopefully written by tens of authors from all over the world, and will hopefully become the last “big bang” update for...


PTV iPhone app – worst public transport app ever, or just pure evil?

I take the train between Marshall and Southern Cross Station, a terminus station with 14 or 15 platforms and hundreds of V/Line country, suburban and bus services daily. I had an app that worked (the...



OWASP Developer Guide – time for a new meeting

If you are participating in the OWASP Developer Guide, I want to have another status meeting Friday next week.
Friday 2nd November 1300 UTC
Saturday 3rd November 0000 AEDST (my time zone)
Come be my...



Time to update knowledge

This might be telling folks to suck eggs, but if you are doing secure code reviews and your development skills relate to type 1 JSP and Struts 1.3, it’s really time you got stuck into volunteering to...


Installing Fedora 18 (RTM) to VMWare Fusion 5 or VMWare Workstation 9

I always live in hope that just one day, the folks over at Fedora will actually have a pain free VMWare installation. Not to be. Here’s how to do it with the minimal gnashing of teeth. Bugs that get...


Securing WordPress with obfuscation

So in a fit of security through obscurity, I renamed my WordPress database tables and promptly broke WordPress with a highly informative “You do not have sufficient permissions to access this page.”...

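The “insufficient permissions” error above is what WordPress shows when its tables have been renamed but the prefix it stores inside the database has not. As an added example (not code from the original post), here is the complete rename on MySQL/MariaDB, moving from the default wp_ prefix to an assumed new prefix x7q_; the table list is the classic core set, and wp-config.php must be changed to match.

```sql
-- Added example, not from the original post. Assumes the stock "wp_" prefix is
-- being changed to "x7q_" (both names are assumptions) on MySQL/MariaDB.
-- RENAME TABLE is DDL and commits implicitly, so take a backup first.

RENAME TABLE
  wp_commentmeta        TO x7q_commentmeta,
  wp_comments           TO x7q_comments,
  wp_links              TO x7q_links,
  wp_options            TO x7q_options,
  wp_postmeta           TO x7q_postmeta,
  wp_posts              TO x7q_posts,
  wp_term_relationships TO x7q_term_relationships,
  wp_term_taxonomy      TO x7q_term_taxonomy,
  wp_terms              TO x7q_terms,
  wp_usermeta           TO x7q_usermeta,
  wp_users              TO x7q_users;

-- WordPress keys the role definitions on the prefix: the option is
-- "<prefix>user_roles". Leaving it as "wp_user_roles" is what produces
-- "You do not have sufficient permissions to access this page."
-- The backslash escapes the LIKE wildcard "_" (MySQL's default escape char).
UPDATE x7q_options
   SET option_name = CONCAT('x7q_', SUBSTRING(option_name, 4))
 WHERE option_name LIKE 'wp\_%';

-- Per-user capabilities ("wp_capabilities"), legacy level ("wp_user_level")
-- and a few per-screen settings are prefixed the same way in usermeta.
UPDATE x7q_usermeta
   SET meta_key = CONCAT('x7q_', SUBSTRING(meta_key, 4))
 WHERE meta_key LIKE 'wp\_%';

-- Check: both queries should now return 0.
SELECT COUNT(*) AS stale_options  FROM x7q_options  WHERE option_name LIKE 'wp\_%';
SELECT COUNT(*) AS stale_usermeta FROM x7q_usermeta WHERE meta_key    LIKE 'wp\_%';
```

Finally set `$table_prefix = 'x7q_';` in wp-config.php. Note that this only changes the names an attacker has to guess; a SQL injection that can read information_schema.tables recovers the new prefix in one query, so the measure is obscurity, not a control.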

Argumentum ad antiquitatem

This post is not in Latin, but essentially a call to the Information Security industry to end policies based upon argumentum ad antiquitatem, which includes: Password change, complexity and length...



Curation

I have taken the step of finally splitting the cut-n-paste import from my blog at Advogato into the days they actually occurred. All that content was here previously, but in some cases bunched together...



Zombie Apocalypse – Economic armageddon using Gresham’s Law

I was heartened to find out that someone was given grant money for a study that demonstrates that the fresh brains market in a zombie apocalypse would peter out after six months. Afterwards, the earth...



Running Fortify SCA 3.80 on Ubuntu 12.04 64 bit Linux

I have a bit of a code review job at the moment. It’s a large code base, and you all know what that means. LOTS OF RAM! So I got me a 16 GB upgrade. Then I found that I could only allocate 8 GB to a VM...


Responsible disclosure failed – Apple ID password reset flaw

Responsible disclosure is a double-edged sword. The Faustian bargain is I keep my mouth shut to give you time to fix the flaws, not ignore me. I would humbly suggest that it is very relevant to your...




Update on Fedora 18 on VMWare Fusion 5.0.3

Everything now works. The quick version is:
Create a new Fedora 18 VM
Do not use “Easy install”
Disable 3D acceleration in the VM settings (Command-E) prior to starting the install, otherwise you get...


Marketing – first against the wall when the revolution comes

A colleague of mine just received one of those awful marketing calls where the vendor rings *you* and demands your personal information “for privacy reasons” before continuing with the phone call....


Infosec apostasy

I’ve been mulling this one over for a while. And honestly, after a post to an internal global mail list at work putting forward my ideas, I’ve come to realise there are at least two camps in...
