tssci security

Archive for Politics

Post to webappsec mailing-list on WAF and pen-test: dead again

There is no doubt in my mind that some very strong experts out there have put WAF or WAF-like technology to good use. However, WAF is dead and dying regardless. I think that very large-installation, Internet-facing web applications require Anti-DDoS [...]

SANS Top 25 Procurement Language and the OWASP Secure Software Contract Annex

As many of you have probably already heard, SANS, in a combined effort with MITRE released the CWE/SANS Top 25 Most Dangerous Programming Errors. There have been numerous discussions on both the Secure Coding List and Webappsec mailing lists, along with [...]

Building a security plan

An audit framework for evaluating structured security program frameworks How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved? Possible frameworks [...]

Way to go Arnold -- why AB 779 was a lose-lose situation for small business

A lot of commotion has recently been stirred up around California Governer's, Arnold Schwarzennegar's recent vetoing of a bill (AB 779) that would strictly mandate all merchants to comply with. Many have scoffed at the Governer's "caving to lobbyists and [...]

Full-disclosure debate gone mainstream (v. terrorism)

Today I came across a news article in reply to a question asked by Steven D. Levitt, "If you were a terrorist, how would you attack?" The blog posting has struck controversy among many people, and it just reminds me of all the full-disclosure debates we [...]

Preventing and Detecting Sensitive Data on P2P Networks

Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congree from Techdirt, comments [...]

Legalized loan sharking

I saw this on Slashdot last week, an article regarding "Getting the best deals from Dell." One bullet point really stuck out, about financing offers: 9. DPA/Dell Preferred - This is the Dell credit card, like a Sears, Macy's or Radio Shack credit card. [...]

Hacking Techniques for Law Enforcement - A good idea or asking for trouble?

Mikko @ F-Secure made a post on their blog about whether or not law enforcement organizations should be permitted to utilize security tools and hacking techniques in investigations that got me thinking. To me the answer to this question is very clear -- [...]

Hilarious, I'll never drink that much again!

And the post of the day goes to Mike Rothman, and his comments on Javelin's research survey that claims 77% of 2750 consumers said they would not shop at stores that suffered data breaches. I think this number is crap. Why? The analogy I'll use is [...]

Thinking of Exporting Classified Material? Think Again

ITT was fined $100 million for illegally exporting classified technical data relating to night vision equipment overseas. In addition to being fined, they must "invest $50 million over five years to accelerate development of night vision technology, and [...]

Risk of Injury to a Minor == Stupid Law

I have been getting just as furious as paperghost lately over the whole Julie Amero case. By now you've all heard about it, a substitute teacher was surfing the internet and then bombarded with porn advertisements she couldn't get away. People debate her [...]
blog comments powered by Disqus