A couple of weeks back, HD Moore posted a blog entry entitled “Security Flaws in Universal Plug and Play: Unplug, Don’t Play” supporting a Rapid7 Whitepaper in which he discusses the 81 million unique IP addresses that respond to UPnP discovery requests on the Internet and the 23 million fingerprints that match a version of […]
I recently had the opportunity to play with a data analytics platform called LYNXeon by a local company (Austin, TX) called 21CT. The LYNXeon tool is billed as a “Big Data Analytics” tool that can assist you in finding answers among the flood of data that comes from your network and security devices and it […]
I was having lunch with Charles Henderson from Trustwave Spider Labs the other day and he mentioned that he had just gotten signed up with the new Roadrunner Extreme Broadband Beta from Time Warner Cable. He mentioned insane download and upload speeds as well as the new DOCSIS 3.0 compliant modem. It was enough to […]
Much like many other companies these days, National Instruments hires many of our developers straight out of school. Many times when engaging with these new hire developers, I will ask them what kind of security they learned at their university. In almost all cases I’ve found that the answer hasn’t changed since I graduated back […]
Notice anything wrong with this picture? I was walking by one of the Iron Mountain Secure Shredding bins at work one day several months ago and noticed that the lock wasn’t actually locked. Being the security conscious individual that I am, I tried to latch the lock again, but the lock was so rusted that […]
I had a meeting yesterday with a vendor who sells a SaaS solution for binary application vulnerability testing. They tell a very interesting story of a world where dynamic testing (“black box”) takes place alongside static testing (“white box”) to give you a full picture of your application security posture. They even combine the results […]
Part of my new role as the Information Security Program Owner at NI is taking care of our regulatory compliance concerns which means I spend quite a bit of time dealing with auditors. Now auditors are nice people and I want to preface what I’ll say next by saying that I think auditors do perform […]
I’ve spent a lot of time over the past few months writing an enterprise application in PHP. Despite what some people may say, I believe that PHP is as secure or insecure as the developer who is writing the code. Anyway, I’m at the point in my development lifecycle where I decided that it was […]
This presentation was by Jason Macy and Mamoon Yunus of Crosscheck Networks – Forum Systems. It wins the award (the one I just made up) for being the most vendor-oriented presentation at the conference. Not that it wasn’t an interesting presentation, but their solution to defend against most of the attacks was “Use an XML […]
This presentation was by Boaz Belboard, the Executive Director of Information Security for Wireless Generation and the Project Leader for the OWASP Security Spending Benchmarks Project. My notes are below: It does cost more to produce a secure product than an insecure product. Most people will still shop somewhere, go to a hospital, or enroll […]
