Category: Dialogue

The Curious Case of Annie Myous: Part II

In one of my recent posts, I described how I was contacted by a young lady on Google Plus, and how I was having trouble tracking down the scam. Well, now that I know for sure it’s a scammer, rather

Are You Secure? Ten Signs That Your Security Program is Doing Pretty Well

Security is a process. It’s an evolving process that when mature, has certain qualities about it. Here are ten signs that your security program is at a decent point of maturity. A new critical security advisory is released and you

When Disclosure Can Kill

What should one do when discovering a vulnerability in a medical device? What if, by disclosing the vulnerability, you could put someone’s life at risk? These are the questions I explore in an article I wrote for the most recent

3WoO Day 7: Wrapping It Up

Well, despite my best efforts, the day 7 post is going to be a bit delayed. But I think you’ll like it. So, stay tuned.

Tagged with:

3WoO Day 6: Learning From Malware Part II–The Rules

Yesterday, I blogged about some annoying malware. The point was to learn some of the techniques that this general class of malware uses, so we could write some OSSEC rules to detect it. If you haven’t already read that post,

Tagged with:

The Immutable Friday Fav Five for October 14, 2011

Sorry, there will be no Fav Five this week. Instead, I am spending my time on writing a journal article and preparing for the Week of OSSEC. Have a great weekend!

Dennis Ritchie, Father of Unix and C, Dead at 70

#include<stdio.h> main() { printf(“R.I.P., Dennis. Your contributions will not be forgotten.\n”); }  

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

Tagged with:

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Tagged with: ,

Why Some Merchants Should Not Worry About PCI Part II

Yesterday, I wrote a post saying that the lady who cuts my hair needs to comply with 100% of the PCI standard. This was based on my experience in PCI in corporate environments, some of which do not actually store

Tagged with: