In Defense of Reverse Engineering and Responsible Disclosure
I was pretty disappointed after reading Mary Ann Davidson’s blog post discouraging customers from reverse engineering their software for any reason. As CSO of Oracle, one of the...
The Importance of Vulnerability Disclosure Programs and Bug Bounties
I’ve written before about how important responsible disclosure is for Security Researchers. That responsibility falls on both sides of the discussion. Of course it falls on the ...
Gmail Changes to Displays Images by Default
Gmail recently changed the way it displays images to you (Official Gmail Blog). From a user perspective this can be good, from a security perspective this might be good, from a ...
Email Strategy
I’ve seen a few different articles about people’s different e-mail strategies and they certainly seem to be a hot topic. With our ever reliance on e-mail as a primary mechanism ...
Why Privacy Matters Even if You Have 'Nothing to Hide'
I just read a really well written article by Daniel J. Solove is a professor of law at George Washington University who says we should stop thinking about privacy in Orwellian t...
What LinkedIn Should Have Done with Your Passwords
By now, you’ve probably heard that LinkedIn’s passwords have been allegedly compromised. I first heard about this from a Norwegian website earlier today. Here is what we know no...
Constant Vigilance
I’ve been in the Security Industry for about ten years now. I say that not to brag, but to give context for the rest of this post. I’ve assessed countless pieces of software of ...
Boeing Paying Hackers to Break into Their Systems
Boeing’s systems need to be capable of staving off hackers, and for more than two years, the company has employed two “hackers” to test the security of its computer systems. I l...
Developing Tools for Professional Hackers
Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemb...