IP Intelligence Lookup Chrome Extension

The topic of “IP intelligence” gets a nod in the book that @jayjacobs & I are writing and it was interesting to see just how many sites purport to “know something” about an IP address. I shamelessly admit to being a Chrome user and noticed there were no tools that made it possible to right-click […]

Off By One : The Importance Of Fact Checking Breach Reports

I didn’t read through the Massachusetts 2011 Report on Data Breach Notifications [PDF] until recently, but once I went through the report my brain kept telling me “something is wrong”. Not something earth shattering, but more of a “something is off” signal. This happens more than I’d like as I tend to constantly background process what […]

Slaying the BEAST in nginx

Just a quick post as I noticed that my nginx configuration was vulnerable to the BEAST attack thanks to the #spiffy SSL Certificate Tester from Qualys (I scored an “A”, btw :-). The nginx docs show how to do this, now, and it’s pretty simple (very similar to the Apache configuration, in fact): […]

Metricon: Software Security’s Futures Plural

UPDATE – 2011-02-26: Alfonso has posted his slides and BeeWise is open! Speaker: Alfonso De Gregorio. How do we build a future in software security? /me: the slides that will be posted have a ton of detail that Alfonso sped through. You’ll get a very good feel from them. Metrics are the servants of […]

AwesomeChartJS Meets Microsoft Security Bulletins

I wanted to play with the AwesomeChartJS library and figured an interesting way to do that was to use it to track Microsoft Security Bulletins this year. While I was drawn in by just how simple it is to craft basic charts, that simplicity really only makes it useful for simple data sets. So, while […]