Exactis Breach
I recently learned about a new Exactis data breach. No passwords were compromised, but much of the information that would be used in a social engineering or phishing campaign wa...
Don't Short Circuit a Lesson
Don’t short circuit a lesson because you think you know what the takeaway is going to be. Too often we try to map others’ experiences or recommendations to our own and we miss ...
Ruby open allows command injection if user controlled
We’ve been getting a lot of Ruby on Rails penetration tests and code reviews at Security Innovation, and I’ve been writing a decent amount of it myself. In general it’s a great ...
An Hour of Code with Code.org
I am staggered and truly impressed by what the team at Code.org has accomplished in such a short period of time. When Hadi Partovi started conversations in May of this year with...
Understanding Customer Needs and Helping Them Mature
(Originally posted on the Security Innovation Blog) Security Innovation’s manifesto on being a trusted advisor: Each client has different backgrounds as well as a different dep...
Why I Donated to Help Jailbreak iOS7 & You Should Too
There are almost always multiple sides to any debate in software security. For that reason I find myself saying “It depends” far more than I may expect. I came across isios7jail...
NASA Forced to Suspend All Public Outreach & Education Programs
Yesterday was a sad day for NASA, who were forced to halt all education and public outreach activities, including public engagement and outreach events, programs, activities and p...
Why Privacy Matters Even if You Have 'Nothing to Hide'
I just read a really well written article by Daniel J. Solove, a professor of law at George Washington University, who says we should stop thinking about privacy in Orwellian t...