Cyber Foundations 2011

Posted on March 2, 2011
Filed under: Security 

If you are just hearing about the Cyber Foundations 2011 National Competition, you can start preparing for next year. The deadline to enter into this competition was February 25th, 2011. So what is this competition? It is a talent search for high school students with foundational skills in cyber security. The ...

Reflector Goes Commercial

Posted on February 28, 2011
Filed under: Security 

Today appears to be the last day to download Red-Gate's .NET Reflector tool for free. The Reflector tool disassembles .NET assemblies back to .NET code (sort of). This is very useful: you can grab an assembly and not only look at the methods it contains, but also view exactly what ...

DropBox Job Description – A Step in the Right Direction

Posted on February 17, 2011
Filed under: Security 

I recently logged into my DropBox account and noticed that the landing screen had a notice about current job openings.  I thought I would take a look at what they had available.  I clicked on the Web Engineer position (http://www.dropbox.com/position?jvi=orflVfwG,Job) and was impressed to see one of their requirements: “You've seen CSRF and ...

Gmail’s Two Factor Authentication

Posted on February 15, 2011
Filed under: Security 

Google recently implemented a new "two factor" authentication option for their Gmail application. Two-factor authentication adds another layer of security by requiring an additional verification after you enter your valid username and password combination. This makes it more difficult for a malicious user who may have stolen your password to actually access ...

Call for Education or Need for Better Applications?

Posted on January 2, 2011
Filed under: Security 

The fallout from the recent VA issue (http://www.nextgov.com/nextgov/ng_20101222_6852.php) has made me think about one issue around software security. Is it a lack of security education or outdated applications that lead to some of these breaches? In this example, the users apparently wanted to be able to share their calendar among multiple employees. ...

Enhancing the UI with Greasemonkey

Posted on November 27, 2010
Filed under: Development 

Have you ever used a web application and wished that it would act a little differently to make your day easier? I recently ran into this with an external application. There were several sets of data (tables and list boxes) that would be much more useful if they were sortable. Unfortunately, since ...

SDL Regex Fuzzer

Posted on November 1, 2010
Filed under: Development, Security 

Updated 11/2/2010: Microsoft has released a new "Free" tool called the SDL Regex Fuzzer. You can download the tool from Microsoft's Download Center here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8737519c-52d3-4291-9034-caa71855451f. The Regex Fuzzer is used to test regular expressions to see if they are vulnerable to denial of service attacks (ReDoS). A regular expression denial of ...

Firesheep: A Repudiation Issue

Posted on November 1, 2010
Filed under: Security 

I recently posted on some of the hype surrounding the new Firesheep Firefox extension. Today, ComputerWorld (http://www.computerworld.com/s/article/9194159/Is_it_legal_to_use_Firesheep_at_Starbucks_) had an article discussing the legal issues around the use of the tool. I believe the legal aspect is important, but could be very difficult to prove. I am more interested in the implications ...

Firesheep: What’s the hype?

Posted on October 31, 2010
Filed under: Security 

Recently, a new Firefox extension was released called Firesheep. If you haven't heard about it yet, I am sure you will soon. If you are interested in it, a quick Google search will pull up many details. There have been a lot of blogs and other articles written about this new ...

Cyber Patriot III

Posted on October 27, 2010
Filed under: Security 

I recently volunteered to help mentor the local Civil Air Patrol cadets in the Cyber Patriot III event.  The goal of the event is to get the cadets interested in cyber defense by having them secure different systems.  This scenario is defensive only.  The cadets receive a virtual image that contains a vulnerable operating system ...
