My Writing
- Tools
  Smells Like Phish: Symantec's Update Norton Internet Security Email
- Authentication
  Facebook's One-Time Passwords: Why?
  Facebook's OTP feature replaces passwords for public computer logins rather than adding a second factor. It addresses keyloggers on kiosks but not common attack vectors like session cookie theft or...
- Risk Management
  Risk Management: Objectivist and Subjectivist Approaches
  Objectivists rely purely on historical data to predict risk; subjectivists complement data with judgment about context. A coin flipped by a magician might warrant different probability assessments...
- Web Security
  Time to Let Go of Java in the Web Browser: How to Disable It
  Java exploits have become the top moneymaker for exploit kit authors, yet few people regularly use Java in browsers. The likelihood of being targeted overpowers the benefits. Disable Java in browsers...
- Malware Analysis
  Free Toolkits and Frameworks for Malware Analysis
  Open-source sandbox platforms, analysis environments, and AI-assisted tools let you build your own malware analysis capability without commercial licenses. Options include CAPEv2, DRAKVUF Sandbox,...
- Malware
  Specialized Honeypots for SSH, Web and Malware Attacks
  Specialized honeypots for different attack types: Kippo logs SSH brute force and records shell interactions, Glastopf emulates web vulnerabilities like RFI and SQL injection, Dionaea collects malware...