Archive for December, 2007

Collaborative systems and Ajax/RIA security

Office collaboration services look like 1985
Microsoft Outlook and Exchange server have been the staple for office collaboration for over 10 years, with a model that has been around since Novell and Lotus in the mid-80’s. Collaboration services are clunky, bloaty, and every IT administrator and techie hates both of them with a serious passion. […]

Building a security plan

An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved?
Possible frameworks (Criteria)

No structured security program, or one based around a single vendor or regulation
Mike Rothman’s Pragmatic CSO (P-CSO)
Gunnar Peterson’s […]

Simultaneous use of Firefox profiles to guard against CSRF attacks

Here’s a quick post to decrease your exposure to attacks against web application vulnerabilities. A couple months ago, I posted an article that detailed 8 Firefox extensions for safer browsing. In addition to the extensions listed in that post, I use another precaution while browsing websites: I simultaneously run multiple Firefox profiles. There are a […]

Client-side attacks: protecting the most vulnerable

Chris Hoff published his 2008 Security Predictions, which offer a very dim future for the security industry.
His first attack vector concerns attacks on the virtualization hypervisor. Didn’t Ptacek prove that this vector is useless? I’m starting to see new work in this area, but it’s not focused on attacks - it’s more on […]

Why crawling doesn’t matter

This post isn’t intended to be a retort to Jeremiah Grossman’s post last month on Why crawling matters, but more of a follow-up post to my latest blog entry on Why pen-testing doesn’t matter. Hint: both pen-testing and crawling are still important/matter, but my CPSL process described in my last post leans towards a […]