Sep 10th, 2007

Comments: 0
Category: Cryptography
Appropriate trust on the Internet

There’s an interesting story at The Register about the recent leaking of embassy credentials amongst others, by an individual in Sweden. The story is that someone set up some Tor exit nodes and then sniffed the traffic that came out over them. There’s several interesting points that come out from this, I think. Understand the […]

Aug 22nd, 2007

Comments: 2
Category: Penetration Testing
The start of an interesting series of blogs

The Art of Scoping Application Security Reviews (Part 1) – The Business « Mark Curphey – SecurityBuddha.com Mark Curphey is starting a series of posts on application security review scoping, which should be interesting reading (although I imagine it may annoy some people in the industry ;o) ). In this one he looks at the business aspects […]

Aug 22nd, 2007

Comments: 2
Category: General Security
Some great insight on thinking about security

TaoSecurity: Marcus Ranum Highlights from USENIX Class There are some very good points here in TaoSecurity's summary of a Marcus Ranum session at USENIX. I've not seen the original talk but the summary makes me wish I'd been there. The point on the perimeter being a complexity management tool is very well made in reference to […]

Aug 16th, 2007

Comments: 0
Category: General Security
SaaS vendor security

Rational Security: On-Demand SaaS Vendors Able to Secure Assets Better than Customers? An interesting post from Hoff on whether having data with SaaS vendors may leave you more or less secure overall. I’ve had a couple of experiences of this over the years and I’ll say that generally where I’m seeing data hosted out of […]

Aug 5th, 2007

Comments: 0
Category: Penetration Testing
Handy Footprinting/research tool

Came across a tool today that should help make light work of the research phase of a penetration test: Paterva Evolution. Essentially it seems to be a nice graphical way of establishing connections related to a specific resource, so for example, any email addresses that are findable relating to a given domain name. Of course that […]

Jul 28th, 2007

Comments: 2
Category: Misc.
Back and RoraScanner

Well, I'm back from (sometimes) sunny Shetland. Thanks to some rain and a laptop I'd taken, I got some work done on a tool I've started developing for my SANS GSOC gold paper. RoraScanner is an Oracle 10g security scanner written in Ruby. I'm enjoying writing it at the moment as it's let me develop […]

Jul 13th, 2007

Comments: 0
Category: Misc.
Away for a bit

Well, like some others in the security blogosphere, I'm off on my holidays for the next couple of weeks to lovely Shetland. Nice place, but not renowned for the density of its Wi-Fi hotspots, so I'll probably be offline for a bit…

Jul 12th, 2007

Comments: 0
Category: Penetration Testing
More random thoughts on OWASP

Matasano Chargen: Random Thoughts On OWASP One of those times when I start writing a comment on a post and end up rambling for so long that it ends up being worth a post… I'll chime in on the "OWASP needs some staff" line. I know they've got loads of great people running it […]

Jul 10th, 2007

Category: General Security
Comments and trackbacks off…

I've had to switch comments and trackbacks off on the blog at the moment. Turns out that the little converted NAS box I've moved over to is great at static content but not so good at CGIs, so when comment/trackback spammers hit it a lot it overheats! Going to look into maybe moving the […]