Blog (Default)

Jun 23rd, 2007

Comments: 0
Category: Misc.

Moved Again..

I’ve had the blog running in a virtual machine for a while since the power supply on my server blew, but that’s it back onto dedicated hardware now. In fact it’s a nice little Debian server using a Buffalo Linkstation Pro reflashed with FreeLink. Pretty good deal as you get a perfectly good Linux server […]

Jun 19th, 2007

Comments: 0
Category: Penetration Testing

HP to acquire SPI… Cenzic/Acunetix/… next?

Rational Security: Bye Bye, SPI (Dynamics…) Well that’s SPI getting acquired now by HP to follow on from IBM buying Watchfire. There may be loads of companies left in the security community waiting to get bought up, but there’s only really Cenzic left of the original top 4 web application scanning tools left, and some […]

Jun 3rd, 2007

Comments: 1
Category: General Security

Data Tagging requisites..

Rational Security: Profiling Data At the Network-Layer and Controlling It’s Movement Is a Bad Thing? Well I’m going to try and answer Hoff’s question on standards I think need to exist before ADAPT or any other data classification and security programme will work… But first thing a question of my own.. Where does he get […]

Jun 2nd, 2007

Comments: 3
Category: General Security

Data security architecture Redux.

Re-reading my previous post on data-centric security Hoff made the correct comment that I’d gone to the extreme end and it didn’t quite flow from his post. Fair point, I jumped a couple of hurdles a bit too quickly and it probably didn’t make where I’m coming from clear, so I’ll try and cover things […]

Jun 2nd, 2007

Comments: 3
Category: Misc.

Wow, looks like I annoyed someone!

IT Security, the view from here: A kick in the teeth Well looks like I annoyed Rob Newby, with some comments on the challenges I think that Data-Centric security will have. To be honest I’m a little disappointed in the tone he chose to take in his post and that he didn’t trackback which would’ve […]

Jun 1st, 2007

Comments: 0
Category: General Security

Excellent point on culture change

The Security Development Lifecycle : Oil Change or Culture Change? Really interesting point here on the Microsoft SDL blog about executive buy-in being critical to getting focus on security. I think that it actually applies to pretty much all security spending. The thing that came home to me reading this is. It’s not that company […]

Jun 1st, 2007

Comments: 3
Category: General Security

Data Centric Security… Yeuch

Rational Security: For Data to Survive, It Must ADAPT… EDIT: I’ve had a couple of comments on this posting that I was bad mouthing Hoff with this post. Not my intention and I apologise if it came across like that. I actually agree with most of what he says, just not the bit about data […]

May 24th, 2007

Comments: 0
Category: General Security

OWASP Conference slides up

Looks like the slides are up for most of the OWASP conference presentations over here. A couple that I thought were particularly interesting were Alex Lucas on the Microsoft SDL which gave some good insight on all the work that Microsoft are putting into improving the security of Vista. I’ve never been a huge Microsoft […]

May 22nd, 2007

Comments: 0
Category: General Security

Windows Server 2008 to solve Microsoft’s last security problem?

Windows Server 2008 Features Address Linux Rivalry Interesting article which talks about the modular nature of Windows Server 2008. From the content of this article I think it’s fair to say that Microsoft will have addressed the last big architectural problems with their software security that I can think of, once Server 2008 is available. […]