I recently wrote an article for InformationWeek, How To Assess Offshore Data Security. You should read it; it is a good piece. Of course I am biased.
There are a few points I want to add that did not fit directly into the article. These points apply to all infosec programs, so even if you don’t care about offshore security, keep reading.
Continue reading ‘Securing Data OffShore’
For those not familiar with Summercon, it is "a strong tradition of last minute disorganized last-minute planning".
Continue reading ‘REVIEW: Summercon 2007’
If we are going to release security flaws which might lead us into an industry shakedown, we may as well go for the trifecta.
Continue reading ‘DISCLOSURE: XSS Fun’
Every day I spent my time researching new ways to do things I have done for years; for example, this weekend I spent 27 hours researching a new way to present Java EE HTTP uploads using AJAX, Servlets and EJBs. Yeah, I know - blah blah, "we all do that kind of thing, who cares". But AH! I have been doing the same thing for something we are all familiar with. MySpace! Yes, it's rubbish, yes, it's been hacked together from ColdFusion and ASP.NET elements and YES, it always seems to be broken, BUT there seems to be a massive market out there for people who want to make a quick buck from generating MySpace friend adders, or mass commenters. They charge a fortune to download these applications to spam other MySpace users, why can't I make a free one? Screw those guys… let's open source it! So I thought - how hard can it be? So I started to investigate and I was quite excited as to what I found.
Continue reading ‘Hacking MySpace - The Basics - P1’