Grab bag: Wacky programming tricks

SQL Injections Are the Most Common Website Vulnerability I think they forgot to open up the blog post with “Cross-site scripting, I’ma let you finish, but …” Seriously, the Veracode State of Software Security report found that XSS was more prevalent in web applications by a wide margin, both in terms of raw flaw count … Continue reading “Grab bag: Wacky programming tricks”

Next week: Austin, TX

You’ll be able to catch me in my professional capability twice next week. I’ll be giving a talk on Tuesday in Austin, TX to the Austin chapter of ISACA (the Information Systems Audit and Control Association) on “Best Practices for Application Risk Management.” The argument: the current frontier in securing sensitive data and systems isn’t … Continue reading “Next week: Austin, TX”

Zero day, yo

MC Frontalot releases “Zero Day” And I quote, “Man, cousin, I'm about to put in the work,/assert authority. Administrative access: crack this./If your patches back in the past, this/0day gets you on a root trip. True crypt./Key file, I will keystyle shell code,/triple sevens all up on the ch mod.” Wack. (tags: frontalot security humor)

Grab bag: Rights, Neely Bruce, and LOC

The Bill of Rights (Neely Bruce) I love it–Neely Bruce set the Bill of Rights to music, and made the movement for the First Amendment freely available including free performance rights. (tags: billofrights neelybruce) XKCD’s “We Love the Internet” reenacted with Lessig, Gaiman, Nielsen Haydens, Schneier, and many others! (Boing Boing) Nice though creepy (particularly … Continue reading “Grab bag: Rights, Neely Bruce, and LOC”

Grab bag: Google hacked in China

Google Admitting Compromise Good News (Veracode Blog) The first step to resolving the application security problem is admitting that you have a problem. Bravo, Google. (tags: security google) Official Google Blog: A new approach to China Serious consequences from the hack attack. Linking the malware attack to infiltration of dissidents’ Gmail accounts and Google’s overall … Continue reading “Grab bag: Google hacked in China”

Grab bag: learning from users and victims

Evan Williams | evhead: Why Retweet works the way it does Good explanation of the evolution of Twitter’s official retweet feature. My takeaway: RT in Twitter should now only be used as an amplifier. If you want to comment on someone’s tweet, comment on it and point to the original with a short URL rather … Continue reading “Grab bag: learning from users and victims”

Grab bag: bank hacks

Voltage, RSA spar over tokenization, data protection What has changed in online banking over the last ten years? Well, this really interesting technical discussion outlines some ways in which the industry is trying to address the security challenges. (tags: security) Large online payroll service hacked (ComputerWorld) My takeaway from this, other than the continued problem … Continue reading “Grab bag: bank hacks”

Grab bag: It might look easy but it’s not

inessential.com: Anatomy of a feature Brent, as usual, does a thorough job of documenting why even small features take time and effort to do properly. (tags: design development productmanagement) Veracode achieves record growth in first half of 2009 Our momentum release, or what I was working on when I wasn’t blogging this year. (tags: veracode … Continue reading “Grab bag: It might look easy but it’s not”

Grab bag: Certifications and reality

Certified ASS Hat (Khaki) > ASS Hats > The Institute for ASSCert Online Store You too can be a Certified ASS (Application Security Specialist)! (tags: humor security) Who Needs Facts? | TPM Talking Points Memo points up the difference between right wing advocacy and left wing news gathering in the Sanford case. (tags: southcarolina marksanford) … Continue reading “Grab bag: Certifications and reality”

Grab bag: Books, iPhones, beer, and other good things

Google Books Adds New Features And Tools (TechCrunch) I dig the embeddable preview feature; will have to check that out for some of the research I’m doing. (tags: google books) iPhone 3.0 Update: 10 Hidden Features – PC World Most are not really “hidden”, but I like the unlimited apps and special characters tips. (tags: … Continue reading “Grab bag: Books, iPhones, beer, and other good things”

Grab bag: Negotiations of various kinds.

National mileage standard paves road for cleaner cars | Green Tech – CNET News An interesting policy tradeoff — I wonder which “major lawsuits” are being dropped to get this to move forward. (tags: economy environment) But That’s Impossible! (Veracode Blog) Responses to security audits range from the funny to the sad. (tags: security)