Haroon Meer
Two quick links on “how your app got hacked, even though it looked ok”
The first one from hacker news, aptly titled “How I Hacked Hacker News (with arc security advisory)” and the 2nd, a welcome-back-to-the-blogosphere-tptacek post on the matasano blog: [Typing The Letters A-E-S Into Your Code? You’re Doing It Wrong!] /mh PS. for those going, man i wish someone would break down the important crypto stuff for me in a way thats understandable without being patronizing, there is Chris Eng and his…
How Good Companies Fail..
In early 2002 i recall reading and falling in love with Jim Collins book: “From good to Great“. I recall being so excited by some passages that i typed out whole paragraphs and sent them around to the rest of the office.. For my last birthday Deels got me Collins other book “Built to Last: Successful Habits of Visionary Companies“. It seems as if he has done it again, with…
Apple gets some clue points?
At [DeepSec] last year i had the pleasure of hearing Ivan Krsti? speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff.. I think for most…
Episode 9 of the ITSecurity Pubcast..
Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and i showed that while i have a face for radio, i do not have the voice for it.. Ahh.. some day ill find my niche.. Till then, you can listen to the pubcast [here] and SensePosters can grab the mp3 [here]
Zappos number 1 priority
[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media and their CEO (Tony Hsieh) is as .com legendary as one gets.. (he sold LinkExchange in 1998 for $265 million and under him zappos went from $1.6 million in sales (2000) to $840 million in sales (2007)). He recently gave a talk at the [Web 2.0 conference]. He talks about…
Chris Eng 1 – 0 Verizon DBIR Cover
Chris Eng over [at the Veracode blog] documents how he approached, and decoded the info behind the [2009 Verizon Data Breach Investigations Report ] Its an interesting read, and although in the end it turned out to be just a [Vigenère cipher] and fell to (effectively) a [known plaintext attack], its def. worth the few minutes it will take to read..
Virtualization as an answer to backward compatability?
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.. It seems they learnt their lesson (and found a cheap way to maintain backward compatability without having to keep legacy code forever). [XP with SP3 as a virtual-pc virtual machine within Windows 7] We thought we had problems classifying client side bugs that required user intervention (remote? local?), what happens…
Comments have been broked :(
Comments on the blog have been suprisingly quiet and we should have realised this when more and more people started having discussions with us via twitter or email (as opposed to simply saying their piece here). Short Story: It was broken, and it should be fixed again. Blame has been assigned and culprits have been whipped appropriately. Long Story: Most SensePost’ers interact with the blog through our company-internal blog. This…
Should InfoSec companies be betting on PCI ?
The United States committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing to determine if “the Payment Card Industry Data Standards Reduce Cybercrime?” Risky Business played snippets of the hearing under the apt title: “Washington spanks PCI DSS” – Like most episodes of RB, its well worth the listen.. One of the “merchants” giving testimony made his point quite succinctly. The credit…
#include fakeNewsStory.h
what? on April 1st???? Never!