Wednesday, February 26, 2014

Security Engineering Process: Where Compliance Meets Programming



I recently got asked to work on a project to help finalize a Security Engineering Process for my company. I haven't delved too deeply into the goals and deliverables yet, but the project title is interesting enough to me: Security Engineering Process Assessment. This is one of the few times I'm going to argue semantics are important, so let's break this down a little.

Friday, February 21, 2014

Privacy And Media Hype



As anyone who works in the IT Industry knows, how easily the media can understand a technical concept and then generate hype about it has a lot to do with how much attention it gets. While sometimes this brings important issues to light other times it lands pretty far off the mark.

Thursday, February 20, 2014

IE Zero Day: Response Required



Another day, another zero day vulnerability (Gosh, I love that term. So ominous. Like seeing a mushroom cloud). This time it's in IE 9 and 10.

Sunday, February 16, 2014

NTP and DDoS Attacks



A novel new method of creating a DDoS attack has been found: NTP. I've read a number of good technical explanations on how the attack was performed and the enormity of the data the attack sent (400 some GB), so I'd like to take a step back and talk about DDoS attacks in general.

Friday, February 14, 2014

WebSockets and Security Infrastructure

Web sockets are new and very cool. If you're not familiar with them wikipedia (as always) has a pretty good article.

Working on a websocket test app recently I had a connection that kept on failing.

Tuesday, February 4, 2014

Facebook: Finding Ways to Monetize

Facebook Paper is a new app for iOS that came out this week. It was advertised as shiny and new and had an oh-so-hipster commercial.