Category: Secure Design

Are You Secure? Ten Signs That Your Security Program is Doing Pretty Well

Security is a process. It’s an evolving process that, when mature, has certain qualities about it. Here are ten signs that your security program is at a decent point of maturity. A new critical security advisory is released and you

Posted in Dialogue, Incident Response, Secure Administration, Secure Design, Standards, Systems Hardening

Developing a Java Management Strategy

I considered many ways to title this blog post: The Scourge That is Java; Die, Java, Die!; or, perhaps Java, it’s time we had a talk. As a security guy, Java has been my nemesis. It has been far more

Posted in Risk Management, Secure Design, Systems Hardening, Vulnerabilities

The Immutable Friday Fav Five for September 30, 2011

Here are the five or more links that I found interesting for this week: PDF-XRAY is a site where you can submit suspect PDFs for analysis. Now you can download the code behind the site and have a go at

Posted in Research, Risk Management, Secure Design, Vulnerabilities

The Immutable Friday Fav Five for September 23, 2011

Here are the five or more links that I found interesting for this week: This is just all kinds of awesome. It’s not that I am with the bad guys, but when they get this creative you have to give

Posted in Computer Crime, Intrusion Detection, Log Analysis, Secure Design, Vulnerabilities

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

Posted in Dialogue, Intrusion Detection, Log Analysis, Risk Management, Secure Design

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Posted in Computer Crime, Dialogue, Incident Response, Intrusion Detection, Log Analysis, Research, Secure Administration, Secure Design, Standards, Systems Hardening

How to Suck at Security for Executive Management

An off-beat comment with a colleague last week gave me the idea for this post. We were discussing ways in which security programs fail and he jokingly suggested that I blog about how to fail in security, rather than how

Posted in Risk Management, Secure Design

Garden Security III: The Houdini Hare

Never underestimate the potential of a motivated attacker–or a hungry rabbit. Fairly confident in my beefed-up garden security, I entered my garden to commune with my plants. They probably would have preferred water, but I am an earthy kind

Posted in Risk Management, Secure Design

Garden Security II: The Bunny Breach

*(&$#@!! I stepped outside tonight to water the garden and what did I find? A fuzzy-tailed rabbit happily hanging out inside my garden–with the gate closed. My perimeter has been breached! How did he get in? I am still doing

Posted in Incident Response, Intrusion Detection, Risk Management, Secure Design, Vulnerabilities

Garden Security

I like to garden. Truth be told, I’m not very good at it. I get a little better every year, but I am not one of those people who can just look at a plant and make it grow. This

Posted in Risk Management, Secure Design