Responsible disclosure is a double-edged sword. The Faustian bargain is I keep my mouth shut to give you time to fix the flaws, not ignore me. I would humbly suggest that it is very relevant to your interests when a top security researcher submits a business logic flaw to you that is trivially exploitable…
Running Fortify SCA 3.80 on Ubuntu 12.04 64 bit Linux
I have a bit of a code review job at the moment. It’s a large code base, and you all know what that means. LOTS OF RAM! So I got me a 16 GB upgrade. Then I found that I could only allocate 8 GB to a VM in VMWare Fusion. So here’s how to…
Zombie Apocalypse – Economic Armageddon using Gresham’s Law
I was heartened to find out that someone was given grant money for a study that demonstrates that the fresh brains market in a zombie apocalypse would peter out after six months. Afterwards, the earth would be either empty (most likely) or a wasteland with few zombies. So that gave me an idea. Gresham’s Law,…
Curation
I have taken the step of finally splitting the cut-n-paste import from my blog at Advogato into the days they actually occurred. All that content was here previously, but in some cases bunched together over many thousands of lines in single massive multi-month postings. Some early permalinks are gone, but that’s okay, you can search…
Argumentum ad antiquitatem
This post is not in Latin, but essentially a call to the Information Security industry to end policies based upon argumentum ad antiquitatem, which includes: Password change, complexity and length policies and standards that simply don’t make sense in the light of research and tools that show that we can crack ALL passwords in a reasonable…
Securing WordPress with obfuscation
So in a fit of security through obscurity, I renamed my WordPress database tables and promptly broke WordPress with a highly informative “You do not have sufficient permissions to access this page.” error message when accessing wp-admin. Changing the prefix is easiest done with a new installation, but my installation dates from the very first…
Installing Fedora 18 (RTM) to VMWare Fusion 5 or VMWare Workstation 9
I always live in hope that just one day, the folks over at Fedora will actually have a pain-free VMWare installation. Not to be. Here’s how to do it with the minimal gnashing of teeth. Bugs that get you before anything else: On VMWare Fusion 5, currently the Fedora 18 x86_64 Live DVD’s graphical installer…
Time to update knowledge
This might be telling folks to suck eggs, but if you are doing secure code reviews and your development skills relate to type 1 JSP and Struts 1.3, it’s really time you got stuck into volunteering to code for open source projects that use modern technologies. There’s heaps of code projects at OWASP that need…
OWASP Developer Guide – time for a new meeting
If you are participating in the OWASP Developer Guide, I want to have another status meeting Friday next week: Friday 2nd November 1300 UTC; Saturday 3rd November 0000 AEDST (my time zone). Come be my friend on Google+, and ask to be in my OWASP Guide circle. This circle can participate in the Hangout. Hope…
PTV iPhone app – worst public transport app ever, or just pure evil?
I take the train between Marshall and Southern Cross Station, a terminus station with 14 or 15 platforms and hundreds of V/Line country, suburban and bus services daily. I had an app that worked (the old MetLink app). That wasn’t stellar, but it worked well enough that I didn’t need to get a paper timetable…