Posted October 20th, 2009 by Jason
When I first saw this fly by on Twitter (ironic) I thought it was Rsnake joking around. I followed his comment about it over to Vantage Credit Union’s web site and saw that sure enough, their customers can do limited banking via Twitter. Before I go further, let me state this openly. I like and [...]
Tags: bad idea, banking online, twitter, web security
Posted October 13th, 2009 by Jason
The last week was really busy while I prepared to do my presentation at the Utah Open Source Conference. While I was engaged in this process I got a message from Larry Pesce of the Pauldotcom Podcast. He had some updates to Reconnoiter and wanted to shoot them over to me. He said that he [...]
Tags: pauldotcom episode 170, reconnoiter project, security tools, social media, username generation
Posted October 7th, 2009 by Jason
On Friday October 9th at 12:00 PM I will be speaking at the Utah Open Source Conference on how to put together a kit of security tools using open source software. I discuss a fictional company that we work at and some of the things that we can put in place to help secure the [...]
Tags: open source, security tools, utos 2009, utos presentation
Posted September 15th, 2009 by Jason
Earlier this month I decided to take the scripts for username generation and roll them into an open source project. There were a couple of reasons for doing so. First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public. Second, I want to [...]
Tags: open source, penetration testing, web app security
Posted September 1st, 2009 by Jason
I’ve written a couple of posts about a script I wrote to generate usernames. Since then I’ve written another script that uses Yahoo’s XML API and both of them have been included in SamuraiWTF. It’s been pretty cool to see people try out something that I wrote and find it useful to them. The scripts [...]
Tags: penetration testing, username generation, username generator
Posted June 16th, 2009 by Jason
Mike Patterson on the Pauldotcom mailing list commented that he thought usernameGen.py could use handling for middle names. The template that he suggested was of first initial, middle initial and last name. I think he’s right. Originally I had the script avoid middle names or initials, but I went back and added the format Mike [...]
Tags: penetration testing, social networks, username generator
Posted June 11th, 2009 by Jason
I wanted to do some testing on access controls to a SQL server recently, but I needed a decent password list and username list. Password lists are fairly straightforward to find and I used an excellent how-to from the Pauldotcom Podcast to create my password list. Next I needed a [...]
Tags: social networking, username generation, web security
Posted May 15th, 2009 by Jason
There have been a few vulnerabilities lately with Adobe Acrobat Reader handling malicious JavaScript badly, and this post is to show how to disable JavaScript in Acrobat Reader. While disabling an entire piece of functionality seems a bit like overkill, there are a couple of reasons that you may want to do this.
Adobe was [...]
Tags: adobe acrobat vulnerability, computer security
Posted April 7th, 2009 by Jason
This is a bit different from what I’ve posted before. I’m forming a group to prepare for the CISSP examination. We will be conducting the sessions via Skype and using some other online resources for sharing information. I expect to get started in late April or early May and it should last about 3 months.
I [...]
Tags: cissp study group
Posted April 1st, 2009 by Jason
On March 31st the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology held a hearing on the effectiveness of the PCI Data Security Standards. Video and documents from the hearing are available here. The question of the day was whether or not PCI DSS actually prevented computer crime.
I started watching it [...]
Tags: congress pci hearing, pci standards, security standards