No one ever reads the documents. And reality never matches the standards. So how do you handle the delta? Here are four ways.
Watch more videos on my YouTube channel.
Whitebox fuzzing combines the code review of whitebox static analysis with the brute-force inputs of fuzzing. Microsoft just announced Project Springfield, which is a service providing whitebox fuzzing for Microsoft developers. Slick way to find and remove vulnerabilities in our applications.
Two approaches to whitelisting, on two sides of the spectrum.
When i-Dressup is breached and passwords, clear text passwords, get siphoned off through SQL injection, people notice. Ars Technica notices. Troy Hunt notices. And Ars and Troy try to contact i-Dressup. But i-Dressup doesn’t notice. I-Dressup does not respond. Would we have done much better?
We have some equipment that needs vendor support. We’re definitely not going to fly someone out for support every time. So, that means remote. But how do we handle concerns over giving a third party remote access?
A correction video, with a shout out to Stephen Harris for catching two of my mistakes, and a broader thought on the importance of quickly identifying and correcting mistakes. DomainKeys Identified Mail (DKIM) provides the email authentication by certificates. And AES uses shared secret keys, not private keys. And, mistakes? Don’t take them personally.
Leaking sensitive information in documentation happens to just about everyone. For today’s video, let’s use Microsoft’s MSDN and the GPO AES shared key leak (MS14-025). One slip in documentation and — bam! — an attack occurs. Be careful. No pressure.
When my daughter’s teachers ask her to tweet that she goes to their high school, it occurs to me, we need to educate the educators on privacy and security matters.
Where to deploy SPF with email, how to bypass SPF when phishing, and why we still need security culture.
Microsoft releases a patch that stops AdGholas’s primary vulnerability. It only took two years. It only affected 5 million people. A day, 5 million a day. And this tells us a lot about the need for defense in depth.