How Much Security Does Obfuscation Get You?
In November of last year engadget ran a story explaining how easy it was to decompile Windows Phone 7 applications. A lot of developers were surprised that their apps could be r...
Why Privacy Matters Even if You Have 'Nothing to Hide'
I just read a really well written article by Daniel J. Solove is a professor of law at George Washington University who says we should stop thinking about privacy in Orwellian t...
What LinkedIn Should Have Done with Your Passwords
By now, you’ve probably heard that LinkedIn’s passwords have been allegedly compromised. I first heard about this from a Norwegian website earlier today. Here is what we know no...
Constant Vigilance
I’ve been in the Security Industry for about ten years now. I say that not to brag, but to give context for the rest of this post. I’ve assessed countless pieces of software of ...
Boeing Paying Hackers to Break into Their Systems
Boeing’s systems need to be capable of staving off hackers, and for more than two years, the company has employed two “hackers” to test the security of its computer systems. I l...
My Reading Cycle
I don’t read a lot, but over the last few years I’ve developed a book choice cycle that works really well for me. It helps me finish challenging books that I want to read for de...
Developing Tools for Professional Hackers
Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemb...
Finding Your Inner Evildoer (4/4): An Evil Streak
We’ve made it to the last part of my four part series on what makes a great security tester or hacker. Even though this fourth piece is what I consider to be the most important ...
Finding Your Inner Evildoer (3/4): A Good Imagination
In my previous posts I talked about what an overview of what makes a great security tester, and in depth about what it means to have complete knowledge of the system. If you hav...
When to Rebuild Your Process from Scratch
A few months ago I had the opportunity to rebuild the way we operate the services branch of our company. If you’re not familiar with my background I lead a team of the security ...