I’ve downloaded and used the Firefox 3 beta browser software for the past few months and wanted to give a report on the latest of what works and what doesn’t.  Note that I had to install Nightly Tester Tools to get many of these to work.  I am also now using the Classic Compact theme, […]

Marcin and I were talking a bit about mainframe security today. I recalled how fantastic mainframes were while he had his hands in the trenches. Yes, I know that IBM renamed MVS to z/OS (as well as other things) years ago. However, the concepts remain the same: TSO, ISPF, and JCL are […]

Here’s a new 2008 security prediction for you –
The iPhone camera is an odd device. There is no notification that a picture is being taken, so the only requirement for malware is to wait for user activity and then start taking pictures.
My prediction is that malware will be written to do just this and […]

Web application security scanners have not matured much. I guess patent wars and company-buyouts have caused a lot of stagnation over the past year. However, I think the problems may run deeper than just controversy and industry drama.
AppScan DE and DevInspect as exceptions — largely the web application security scanner industry is filled […]

An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved?
Possible frameworks (Criteria)

No structured security program, or one based around a single vendor or regulation
Mike Rothman’s Pragmatic CSO (P-CSO)
Gunnar Peterson’s […]