Jim Manico invited Dre and me to join him with Brian Holyfield on this week's OWASP Podcast. Topics of discussion included our thoughts on web application security, WAFs, and training, among others. Give it a listen, and tell us what you think. OWASP Podcast [...]
Posted by Marcin on Thursday, February 5, 2009 in People and Security.
As many of you have probably already heard, SANS, in a combined effort with MITRE, released the CWE/SANS Top 25 Most Dangerous Programming Errors. There have been numerous discussions on both the Secure Coding List and Webappsec mailing lists, along with [...]
Posted by Marcin on Friday, January 16, 2009 in People, Politics and Security.
Today, another vulnerability has been making the headlines, with various industry security professionals predicting apocalypse, genocide and famine along with everything in between. It first started earlier this summer, back when Dan Kaminsky, in a [...]
Posted by Marcin on Wednesday, October 1, 2008 in News, People and Security.
Yesterday we celebrated tssci-security.com's two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way -- most as a direct result of this blog. The [...]
Posted by Marcin on Sunday, August 24, 2008 in Conferences, News, People, Security and Work.
[Andre and Marcin]: For today's post, we have a guest blogger, Rohit Sethi. We asked Rohit to do this guest post because we feel that his research, along with that of his co-worker Nish Bhalla, has been influential in solving some unique application security [...]
Posted by Rohit on Thursday, June 26, 2008 in Defense, People and Security.
Apparently Laura Chappell and Mark Curphey were presenting at the Microsoft TechEd 2008 Security Track last week. I haven't heard too much about what happened as a result, and I really wish I was there to see them speak about their respective topics. For [...]
Posted by Dre on Sunday, June 15, 2008 in Conferences, People, Security and Tech.
Tomorrow, February 28th, is the first ever meeting for the brand new Hartford OWASP chapter. James McGovern, the chapter lead, has been putting some effort into starting it off with a bang, so I hope everyone in the NY/CT/Mass area can make it. Agenda for [...]
Posted by Marcin on Thursday, February 28, 2008 in Conferences, People and Security.
We're back from a great weekend in Washington, D.C. at ShmooCon '08. Dre and I arrived Thursday night just in time for the bar to close and, with no hotel room reserved, we were in for a long night. Interestingly enough though, at around 5am, we [...]
Posted by Marcin on Tuesday, February 19, 2008 in Conferences, People and Security.
The other night, we had the special privilege of being guests on Martin McKeay's Network Security Podcast with co-host Rich Mogull. While having a great time several weeks ago at SunSec, and several beers into the night, we tricked Mogull into letting us [...]
Posted by Marcin on Wednesday, January 30, 2008 in People and Security.
Last night Rich Mogull of Securosis, and co-host of Network Security Podcast, hosted SunSec (which was on hiatus for far too long) at the Furio in Scottsdale. It was a great turnout last night -- about twenty people had shown up and talked up all kinds [...]
Posted by Marcin on Friday, January 11, 2008 in Conferences, People and Security.
This is the second blog post covering Sunday's talks at ToorCon 9. You can read the first installment here. After a hard night of partying, I didn't want to get out of bed early in the morning. Gotta give props to Hikari for foreseeing this and not [...]
Posted by Marcin on Thursday, October 25, 2007 in Conferences, Hacking, People and Security.
This weekend I was in San Diego, California for ToorCon 9 and had an absolute blast. On Friday, I had checked out the USS Midway Aircraft Carrier Museum and enjoyed listening to veterans recount fascinating experiences on the ship during the war. I took [...]
Posted by Marcin on Monday, October 22, 2007 in Conferences, Hacking, People and Security.
Several of us are going to ToorCon 9 this weekend in San Diego, California. I'm flying out tomorrow (Friday) morning and I plan on visiting some sites around town, such as The Aircraft Carrier/USS Midway Museum and then head up to Little Italy in the [...]
Posted by Marcin on Thursday, October 18, 2007 in Conferences, People and Security.
In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks. But now that Google has updated their Analytics service to support internal search queries, [...]
Posted by Dre on Wednesday, October 17, 2007 in Conferences, News, People, Privacy, Security and Tech.
Thanks to everyone involved in making this a successful event. It was my first time out to BeanSec, but unfortunately it will likely be my last this year (I am going back to school in September). I made the two hour drive all the way out from Hartford, CT, [...]
Posted by Marcin on Wednesday, August 15, 2007 in People.
Sorry for being late to the game on this one; you've probably already read several personal accounts and all the stories and headlines that originated from Las Vegas last weekend. For those interested, below is my experience at my first DefCon ever, and [...]
Posted by Marcin on Friday, August 10, 2007 in Conferences and People.
Back in May, I attended a meeting to get a feel for the company and group I would be working for this summer as an IT Security Intern. Much to my surprise, Richard Bejtlich was in attendance and as it turned out we'd be working for the same company. [...]
Posted by Marcin on Thursday, July 26, 2007 in People and Security.