Entries from March 2008
Mac Hacked in 2 Minutes, Apple is a lame patcher
March 27th, 2008 ·
At the CanSecWest conference Charlie Miller wins the PWN 2 OWN contest. I think these contests are kinda lame as they do not prove much, other than Charlie Miller was most likely sitting on a vulnerability waiting until the contest. I still think it is somewhat cool that there are people that are [...]
Tags: OS X · Security · Security Industry
FBI CSRF and Jail How to Get Someone Raided
March 20th, 2008 ·
This seems pretty scary. Apparently the FBI posted a link on some online forum that claimed to display kiddy porn. The story is here.
Upon reading this, the first thing that popped into my mind was CSRF (Cross Site Request Forgery). Now this is not classic CSRF, since CSRF generally implies I am exercising some functionality on [...]
Tags: Security · Security Industry · web site security
The Big Announcement
March 12th, 2008 ·
I’ve not been this pumped about something in a long time. Jeremiah actually has been pulling me into liking this idea for a very long time. I hated it at first. I mean WAFs, bleh. Plus I mean didn’t we already try scanners + WAFs before? Oh yeah the total trainwreck that was AVDL. So one [...]
Tags: Security · Security Industry · web site security
5 Lessons on Public Disclosure From Eliot Spitzer
March 12th, 2008 ·
Regardless of what you think about now-former governor Spitzer and what he did, we can learn a lot from how he handled the public disclosure of his err “vulnerability”. Here are 5 lessons you can use if you ever find yourself involved in a public disclosure of a vulnerability on your web site or [...]
Tags: Security
Worst Security I Have Seen in a Long Time
March 7th, 2008 ·
When the clueless are on the intarwebs this is what happens:
http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.aspx
Something Wicked This Way Comes
March 4th, 2008 ·
Sorry for my silence here for the past month. I had a new son, and on top of that, on March 10th WhiteHat will be announcing something really big that we think is going to change the Web Application Security space. I have been busy on analyst calls as well as marshaling it through the development process. [...]
Tags: Security · Security Industry
