Author: Michael Starks

The Curious Case of Annie Myous: Part II

In one of my recent posts, I described how I was contacted by a young lady on Google Plus, and how I was having trouble tracking down the scam. Well, now that I know for sure it’s a scammer, rather

Are You Secure? Ten Signs That Your Security Program is Doing Pretty Well

Security is a process. It’s an evolving process that when mature, has certain qualities about it. Here are ten signs that your security program is at a decent point of maturity. A new critical security advisory is released and you

The Curious Case of Annie Myous

I recently received a Google Plus request from someone I didn’t know. We’ll call her Annie for now. I usually dismiss these out of hand. They are commonly spam of two types: someone using a sexy pic of a young

The OpenSSL Heartbeat Vulnerability: Forgotten Attack Vectors

The web is abuzz with reports of the OpenSSL Heartbeat vulnerability. It’s not an understatement to say that this is the most serious vulnerability to come along in several years. There are many good write-ups about it and I don’t

Changes with OSSEC

After many years, I have decided to step down from the OSSEC core team. It was not a decision I made lightly, but due to some recent changes in the project, I felt I would be more useful as a

Tagged with:

With Your Finger on the Trigger…

It was a pretty ordinary day. I think I was doing a review of our firewall ruleset–a decidedly monotonous but necessary task. Then in came an alert that McAfee had deleted a file on one of our workstations. That doesn’t

Malicious Data From Trusted Companies

Last night, I received one of the typical malicious “you have a package waiting” spams to an email address that I have only used at one place–in this case DynDNS.com. It included a link inviting me to print a shipping

Tagged with:

OSSEC CON 2013

Please join me at the second annual OSSEC conference, OSSEC CON 2013. I have the pleasure of joining Scott Shin, CTO of AtomicCorp, and Santiago Gonzalez, Director of Professional Services at AlienVault, in presenting. Time is running out to register, so make sure

Tagged with:

Voting Without Photo ID

I successfully voted for President of the United States tonight without showing a photo ID. Perhaps some background is in order… Last year, Texas passed a law that required voters to present photo ID to vote. A federal court later

Developing a Java Management Strategy

I considered many ways to title this blog post: The Scourge That is Java; Die, Java, Die!; or, perhaps Java, it’s time we had a talk. As a security guy, Java has been my nemesis. It has been far more

Top