My Writing

• Tools Smells Like Phish: Symantec's Update Norton Internet Security Email
• Authentication Facebook's One-Time Passwords: Why?
  Facebook's OTP feature replaces passwords for public computer logins rather than adding a second factor. It addresses keyloggers on kiosks but not common attack vectors like session cookie theft or...
• Risk Management Risk Management: Objectivist and Subjectivist Approaches
  Objectivists rely purely on historical data to predict risk; subjectivists complement data with judgment about context. A coin flipped by a magician might warrant different probability assessments...
• Web Security Time to Let Go of Java in the Web Browser: How to Disable It
  Java exploits have become the top moneymaker for exploit kit authors, yet few people regularly use Java in browsers. The likelihood of being targeted overpowers the benefits. Disable Java in browsers...
• Malware Analysis Free Toolkits for Automating Malware Analysis
  Free toolkits for automating malware analysis include Truman framework for behavioral analysis, Minibis from CERT.at, Cuckoo sandbox, Zero Wine (Windows malware in WINE on Linux), Buster Sandbox...
• Malware Specialized Honeypots for SSH, Web and Malware Attacks
  Specialized honeypots for different attack types: Kippo logs SSH brute force and records shell interactions, Glastopf emulates web vulnerabilities like RFI and SQL injection, Dionaea collects malware...