Port Scanner

How hard is it to write a port scanner?

Security Engineering Process: Where Compliance Meets Programming

I recently got asked to work on a project to help finalize a Security Engineering Process for my company. I haven't delved too deeply into the goals and deliverables yet, but the project title is interesting enough to me: Security Engineering Process Assessment. This is one of the few times I'm going to argue semantics are important, so let's break this down a little.

Privacy And Media Hype

As anyone who works in the IT Industry knows, how easily the media can understand a technical concept and then generate hype about it has a lot to do with how much attention it gets. While sometimes this brings important issues to light other times it lands pretty far off the mark.

IE Zero Day: Response Required

Another day, another zero day vulnerability (Gosh, I love that term. So ominous. Like seeing a mushroom cloud). This time it's in IE 9 and 10.

NTP and DDoS Attacks

A novel new method of creating a DDoS attack has been found: NTP. I've read a number of good technical explanations on how the attack was performed and the enormity of the data the attack sent (400 some GB), so I'd like to take a step back and talk about DDoS attacks in general.

WebSockets and Security Infrastructure

Web sockets are new and very cool. If you're not familiar with them wikipedia (as always) has a pretty good article.

Working on a websocket test app recently I had a connection that kept on failing.

Facebook: Finding Ways to Monetize

Facebook Paper is a new app for iOS that came out this week. It was advertised as shiny and new and had an oh-so-hipster commercial.