Grumpy Security Guy

With the release of the details behind last years mysterious wireless driver OS X exploit we can finally see what was really going on. The exploit was real and Apple decided to suppress it with an NDA ( and probably a nice crate of Apple goodies).
Disclaimer: I am a huge Mac/Apple zealot.
It is interesting that [...]

[Read more →]

Sadly this is a fairly typical story about the treatment of fliers by the TSA and it’s contract cronies. Crap treatment and then Not doing there job at all.
I have a money clip that is also a pocket knife. I am usually pretty good about switching it out for my less threating money clip but [...]

[Read more →]

Ahh single points of failure (or trust). are great eh? Reminds me of the time I had to do a forensics investigation out in the middle of BFE where the IT guys had setup there own separate proxy to allow them to surf porn while the cube zombies got blocked left and right. Who watches [...]

[Read more →]

Ahh the Techno Weenie, they live in all I.T. eco-systems but they are particularly annoying in the security world. These guys live and breath the bits and bytes. Your IDS can’t handle an Trans Siberian XMAS scan? It sucks then, they would never install it. Your network scanner doesn’t have the latest 0-day for System/36, [...]

[Read more →]

Poor Packet Pete, he has fallen behind the times. His glory days where around 1998 when all security issues could be solved on the network. Pete lives in the land of firewalls, router ACLs, IDS systems and VLANs. Since everything is just a packet on the network Pete thinks he can secure and control the [...]

[Read more →]

Congrats to the guys at CGISecurity.com on <a href=”http://www.cgisecurity.com/2007/09/10″>turning 7 today</a>. Pretty amazing when you think about it. Even more amazing to think I was in this space BEFORE CGISec. I feel really old now.
CGISec is the home to the great <a href=”http://www.cgisecurity.com/articles/XSS-faq.shtml”>XSS Faq</a> as well as many other great resources on Web Application Security.
If [...]

[Read more →]

Things like this make me want to go back into forensics. TreCorder, French Star Trek?!?! Nice plug for the iSec guys and there EnCase hacktics as well. Now when is someone going to create a portable supercomputer for dealing with all those network and app server log files? I can deal with 250 GB drives [...]

[Read more →]

My dad is a Aggie, sorry to see his school can’t secure their systems. If anyone is from Texas they know that the Aggie’s are the butt of many jokes. (Think Polish jokes, Texas style). One of my favorites:
How do you confuse an Aggie?
Put him in a round room and tell him to pee in [...]

[Read more →]

When you have been around the IT/Security space as long as I have you run into to a lot of whacky people. After a while you begin sorting and classifying them into nice convenient stereotypes. Over the next few weeks I will post my own stereotypes that I have discovered. Hope you get a laugh [...]

[Read more →]

Maybe they where the source of the spam all along? It must be hard filtering email for the word Viagra when you are the maker.
Zombie Pfizer Computers Spew Viagra Spam, Security Company Reports: “Drug giant Pfizer is flooding e-mail inboxes with pitches for its best-selling erectile-enhancement drug, but the spam isn’t legit. The drugmaker’s network [...]

[Read more →]