The Importance of Vulnerability Disclosure Programs and Bug Bounties
I’ve written before about how important responsible disclosure is for Security Researchers. That responsibility falls on both sides of the discussion. Of course it falls on the ...
Gmail Changes to Display Images by Default
Gmail recently changed the way it displays images to you (Official Gmail Blog). From a user perspective this can be good, from a security perspective this might be good, from a ...
Why I Donated to Help Jailbreak iOS7 & You Should Too
There are almost always multiple sides to any debate in software security. For that reason I find myself saying “It depends” far more than I may expect. I came across isios7jail...
Email Strategy
I’ve seen a few different articles about people’s different e-mail strategies and they certainly seem to be a hot topic. With our ever-increasing reliance on e-mail as a primary mechanism ...
Anatomy of a Distributed Denial of Service (DDoS) Attack
The recent wave of DDoS attacks on banking web sites, and the Spamhaus DDoS attack (which was three to five times greater than the biggest attacks against U.S. banks) are reinfor...
Mobile Application Security Testing FAQs: Post #1
A couple of weeks ago I presented a webcast at Security Innovation that covered techniques for testing mobile applications. As usual I was long-winded with stories and analogies an...
How Much Security Does Obfuscation Get You?
In November of last year Engadget ran a story explaining how easy it was to decompile Windows Phone 7 applications. A lot of developers were surprised that their apps could be r...
Why Privacy Matters Even if You Have 'Nothing to Hide'
I just read a really well-written article by Daniel J. Solove, a professor of law at George Washington University, who says we should stop thinking about privacy in Orwellian t...
What LinkedIn Should Have Done with Your Passwords
By now, you’ve probably heard that LinkedIn’s passwords have been allegedly compromised. I first heard about this from a Norwegian website earlier today. Here is what we know no...
Constant Vigilance
I’ve been in the Security Industry for about ten years now. I say that not to brag, but to give context for the rest of this post. I’ve assessed countless pieces of software of ...