There is no doubt in my mind that some very strong experts out there have put WAF or WAF-like technology to good use. However, WAF is dead and dying regardless. I think that very large-installation, Internet-facing web applications require Anti-DDoS [...]
Posted by Dre on Thursday, February 12, 2009 in Defense, Politics and Security.
As many of you have probably already heard, SANS, in a combined effort with MITRE released the CWE/SANS Top 25 Most Dangerous Programming Errors. There have been numerous discussions on both the Secure Coding List and Webappsec mailing lists, along with [...]
Posted by Marcin on Friday, January 16, 2009 in People, Politics and Security.
An audit framework for evaluating structured security program frameworks How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved? Possible frameworks [...]
Posted by Dre on Monday, December 10, 2007 in Defense, Hacking, Intelligence, Politics, Security, Tech and Work.
A lot of commotion has recently been stirred up around California Governor Arnold Schwarzenegger's recent vetoing of a bill (AB 779) that would strictly mandate all merchants to comply with. Many have scoffed at the Governor's "caving to lobbyists and [...]
Posted by Marcin on Tuesday, October 16, 2007 in Politics, Privacy and Security.
Today I came across a news article in reply to a question asked by Steven D. Levitt, "If you were a terrorist, how would you attack?" The blog posting has struck controversy among many people, and it just reminds me of all the full-disclosure debates we [...]
Posted by Marcin on Thursday, August 9, 2007 in Intelligence and Politics.
Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congress from Techdirt, comments [...]
Posted by Marcin on Sunday, July 29, 2007 in News, Politics, Security and Tech.
I saw this on Slashdot last week, an article regarding "Getting the best deals from Dell." One bullet point really stuck out, about financing offers: 9. DPA/Dell Preferred - This is the Dell credit card, like a Sears, Macy's or Radio Shack credit card. [...]
Posted by Marcin on Monday, June 18, 2007 in Politics.
Mikko @ F-Secure made a post on their blog about whether or not law enforcement organizations should be permitted to utilize security tools and hacking techniques in investigations that got me thinking. To me the answer to this question is very clear -- [...]
Posted by Casey on Tuesday, June 5, 2007 in Politics, Privacy and Security.
And the post of the day goes to Mike Rothman, and his comments on Javelin's research survey that claims 77% of 2750 consumers said they would not shop at stores that suffered data breaches. I think this number is crap. Why? The analogy I'll use is [...]
Posted by Marcin on Monday, April 16, 2007 in Politics, Privacy and Security.
ITT was fined $100 million for illegally exporting classified technical data relating to night vision equipment overseas. In addition to being fined, they must "invest $50 million over five years to accelerate development of night vision technology, and [...]
Posted by Marcin on Saturday, March 31, 2007 in Defense, Politics, Security and Tech.
I have been getting just as furious as paperghost lately over the whole Julie Amero case. By now you've all heard about it, a substitute teacher was surfing the internet and then bombarded with porn advertisements she couldn't get away. People debate her [...]
Posted by Marcin on Friday, February 16, 2007 in News and Politics.