Archive for January, 2007

A Stark Reminder

January 30, 2007

The brilliant Dominick Baier is a fellow MSFT MVP for Developer Security and sends us a friendly reminder that “history repeats itself”. Learn history and learn about what to expect.

http://www.leastprivilege.com/TheUniversalRulesOfInputValidation.aspx

PCI Security and TJX

January 30, 2007

As Anton Chuvakin posts “TJX was not PCI compliant so who pays?”. This should be an interesting story to follow. Let’s see if TJX AKA “Card Systems 2.0” are also thrown under the bus (they of course may well be guilty as charged) and see if the assessor who may (we don’t know yet) [...]

Startup Books - Founders at Work

January 30, 2007

I read a lot when I have time; so these days I buy books and speed read them. It works well for me, I learn a lot and don’t spend as much time as I would if I read them from cover to cover. These days I read more startup, marketing (mainly Seth Godin) and [...]

Web 2.0 Bubble or the maturity of consumer SaaS?

January 29, 2007

I just read a story about the Digg folks and the YouTube guys. I am so unhip I can’t even recall their names from 5 mins ago.
Doh... It struck me that all of these poster children (YouTube, Digg, Flickr, Blogger, GMail, etc) have one thing in common. Software as a Service.
It’s back to the [...]

Web 2.0 Bubble or the maturity of consumer software as a service?

January 29, 2007

I just read a story about the Digg folks and the YouTube guys. I am so unhip I can’t even recall their names from 5 mins ago.
Doh... It struck me that all of these poster children (YouTube, Digg, Flickr, Blogger, GMail, etc) have one thing in common. Software as a Service.
It’s back to the roots of [...]

Avoiding SaaD - (Software as a Dis-service)

January 29, 2007

The “main man” of pragmatism speaks volumes. Guy Kawasaki on what NOT to do with your online business.
http://feeds.feedburner.com/~r/guykawasaki/Gypm/~3/83403458/the_top_ten_stu.html
Again I find myself up late at night and needing to update some more functional specs to make sure we make our products innovative and a pleasure to use.
Guy’s point number 8 is just so true. Why do we think it’s normal [...]

Building Online Communities

January 29, 2007

I found myself writing an email to someone about online communities. After the first paragraph I realized it would make a good blog posting, here goes.
Back in 2001 I started OWASP (http://www.owasp.org). I left the project in 2004. During those 3 years I learnt a great deal about people, online communities and the organic nature [...]

Discovery Channel - History of Hacking

January 29, 2007

I am always on the lookout for video material related to the info sec industry.
Part 1: http://www.youtube.com/watch?v=xWLCM2GvjJg
Part 2: http://www.youtube.com/watch?v=t2vSjwKDJ_A
Part 3: http://www.youtube.com/watch?v=uK_GMUKbgc0
Part 4: http://www.youtube.com/watch?v=MSyreHXGhbQ
Part 5: http://www.youtube.com/watch?v=7q9BQg5UX04
Part 6: http://www.youtube.com/watch?v=mxkp4L9Tg6E

Why the PCI Standard needs a serious re-think

January 29, 2007

For a while I have had serious concerns about the PCI Security Standard. I have raised them with the folks who manage it (or did manage it at the time) and got nothing but short shrift. In fact it was worse than that; instead of listening to the concerns I had a bunch of total [...]

Is AV really 80% inept or is it really the product managers?

January 28, 2007

http://www.bpm-today.com/story.xhtml?story_id=49490
I may have missed the plot but over the last 5 years I don’t seem to have been infected once. Of course maybe that’s the point; I wouldn’t have needed to know, but why haven’t the slick marketing people done a better job of actually telling people how they were protected?
Security is a post event trigger [...]