Archive for the 'security' Category

01
Jun

Securing Data OffShore

I recently wrote an article for InformationWeek, How To Assess Offshore Data Security. You should read it; it is a good piece. Of course I am biased.

There are a few points I want to add that did not fit directly into the article. These points apply to all infosec programs, so even if you don’t care about offshore security keep reading.
Continue reading ‘Securing Data OffShore’

24
Aug

DISCLOSURE: XSS Fun

If we are going to release security flaws which might lead us into an industry shakedown, we may as well go for the trifecta.

Continue reading ‘DISCLOSURE: XSS Fun’

23
Aug

Snatching Protected MySpace Music Using Safari

<<< DISCLAIMER >>> Please note that I have not written this article to enable people to steal music from MySpace artists - This is a ‘proof of concept‘ article. Please, do not steal music! If you are going to steal it then please do so knowing you are committing a crime and myself and theReformed have nothing to do with it.

Continue reading ‘Snatching Protected MySpace Music Using Safari’

21
Aug

Google + XSS = Destruction of Mankind?!

Well, maybe not so much. However, Google has been pretty light on the keys in fixing a cross-scripting bug that leads to some pretty serious consequences for us, the end-user. The flaw in the handling of the code can compromise our very online privacy that is being taken from us at a snail's pace as time goes on. The term is 'Phishing' and it is spreading online like an epidemic of Biblical proportions.

Continue reading ‘Google + XSS = Destruction of Mankind?!’

14
May

Hacking MySpace - The Basics - P1

Every day I spend my time researching new ways to do things I have done for years; for example, this weekend I spent 27 hours researching a new way to present Java EE HTTP uploads using AJAX, Servlets and EJBs. Yeah I know - blah blah, "we all do that kind of thing, who cares". But AH! I have been doing the same thing for something we are all familiar with. MySpace! Yes it's rubbish, yes it's been hacked together from ColdFusion and ASP .NET elements and YES it always seems to be broken, BUT there seems to be a massive market out there for people who want to make a quick buck from generating MySpace friend adders, or mass commenters. They charge a fortune to download these applications to spam other MySpace users, why can't I make a free one? Screw those guys… let's open source it! So I thought - How hard can it be? So I started to investigate and I was quite excited as to what I found.

Continue reading ‘Hacking MySpace - The Basics - P1’

22
Apr

Internet Communication Needs RATTS

There are grave inconsistencies in the implementation of secure communications that have left the consumer at great odds with a new generation of talented, albeit immature, data thieves. Catching a segment of traffic out of the air or through a piggy-back of a stream of packets brings concern to this scene veteran's mind.

Continue reading ‘Internet Communication Needs RATTS’

07
Jan

SOFTWARE: Cryptonoya v1.2

We're happy to take you back with us to the past, where Echelon Labs was creating tools free to the public for the good of developers abroad. So, as a reintroduction is in order, say hello once again to Cryptonoya, a low-level personal data encryption utility designed by our former Software Engineers in a time where personal privacy and/or security was just beginning to take shape and paranoia of intrusion on those privileges or rights was becoming more and more justified.

Continue reading ‘SOFTWARE: Cryptonoya v1.2’



