Clik here to view.
Whitepaper: The State of Information Security 2008
I just got back from The Credit Union Information Security Professionals Association 3rd annual National event in Austin Texas where Rohyt and I were talking to the folks about www.PhishMe.com. I have...
View ArticleClik here to view.
Bold face lie in a clash at FCC hearing – port139online.com:139
What is http://port139online.com:139/ ? Port139online.com:139/ IS a website Port139online.com:139/ IS a protocol Port139online.com:139/ IS a service (a service that tells you if your ISP is providing...
View ArticleApple.com XSS
A few weeks ago I was looking into writing an application for my iPhone. At some point, I felt compelled to actually give it a shot, and I headed over to Apple’s web site to download XCode and whatever...
View ArticleClik here to view.
DNS vuln + SSL cert = FAIL
Authenticating to a web application is a mutual process. Before a user enters credentials into the application, they validate the web applications credentials: its hostname, content, and SSL...
View ArticleRIM Security: Employer BES vs. Employee BIS – Part 1
When we perform security testing of blackberry applications for our customers, we have to consider the device from 5 points of view: BES managed blackberry application that pushes data over the carrier...
View ArticleMobile Platform Trustworthiness
How trustworthy are mobile platforms and devices? For the maintainers of corporate networks and those charged with protecting sensitive data on those networks this is a very serious question. Corporate...
View ArticleThe Secret is Out: WSJ on Mobile Application Privacy
Good morning! Like many of us, my morning includes a warm cup of coffee, working my way through some E-Mails, and skimming through the blogosphere. About halfway though this ritual I came across one...
View ArticleClik here to view.
Financial News and malicious Android Apps
I’m a bit of a CNBC junkie; I stream it all day (so if you want to spear-phish me, send an email about my subscription to pro.cnbc.com expiring, harhar). While drinking coffee this morning and going...
View ArticleSome thoughts about the Tripadvisor breach
Gawker, Trapster, now Tripadvisor. I’m sorry Steve Kaufer, but I don’t think the email you sent is good enough anymore. You said “passwords remain secure” HOW DO WE KNOW THAT? State how you stored...
View ArticleExcuse me, your clouds are leaking
I recently started playing around with Gliffy, a nice online diagramming tool that has become quite popular. Gliffy makes sharing your diagrams with the world easy. Unfortunately, many Gliffy users do...
View Article