You can't secure what you don't acknowledge.SM

Thursday, January 15, 2009

I laughed out loud when I saw this

From the recent CVE-2008-5754 alert:

Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.

Notice anything ironic?

Moral of the story: keep your marketing people reined in.
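The bug class the advisory describes, shown as an added illustration that is not BulletProof's code and not derived from it (the .bps layout, the HOST_MAX buffer size, the field names and the sample session files are all assumptions made for this example): a parser that copies the session file's second line into a fixed-size stack buffer with no length check, beside a version that bounds the copy and rejects the file instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size stack buffer for the session's second line. The real
 * .bps layout and buffer size are not known from the advisory; this is a
 * constructed illustration of the defect class it names. */
#define HOST_MAX 64

/* Return a pointer to the start of 0-based line `index` in a NUL-terminated
 * text blob and its length (excluding the newline), or NULL if absent. */
static const char *find_line(const char *data, int index, size_t *len)
{
    const char *p = data;
    for (int i = 0; i < index; i++) {
        const char *nl = strchr(p, '\n');
        if (nl == NULL)
            return NULL;
        p = nl + 1;
    }
    if (*p == '\0')
        return NULL;
    const char *end = strchr(p, '\n');
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Vulnerable pattern: the second line is copied into a fixed stack buffer
 * with no length check. A file whose second line is >= HOST_MAX bytes
 * writes past host[] into the saved frame. Never feed this untrusted
 * input; it exists only to show the shape of the defect. */
int load_session_unsafe(const char *data)
{
    char host[HOST_MAX];
    size_t len;
    const char *line = find_line(data, 1, &len);
    if (line == NULL)
        return -1;
    memcpy(host, line, len);   /* overflows when len >= HOST_MAX */
    host[len] = '\0';
    return (int)strlen(host);  /* use host so the copy is not optimised away */
}

/* Hardened: the caller owns the destination and its size; oversized lines
 * are rejected rather than silently truncated, which could mask an attack. */
int load_session_safe(const char *data, char *host, size_t host_len)
{
    size_t len;
    const char *line = find_line(data, 1, &len);
    if (line == NULL)
        return -1;             /* no second line */
    if (len >= host_len)
        return -2;             /* too long for the buffer: refuse the file */
    memcpy(host, line, len);
    host[len] = '\0';
    return 0;
}

/* Constructed sample session file (not a real .bps file). */
static const char SAMPLE_OK[] =
    "BulletProof FTP Client session\nftp.example.com\n21\n";

/* Parse the benign sample; returns 1 if the second line came through intact. */
int check_normal_session(void)
{
    char host[HOST_MAX];
    if (load_session_safe(SAMPLE_OK, host, sizeof host) != 0)
        return 0;
    return strcmp(host, "ftp.example.com") == 0;
}

/* Build a constructed file whose second line is 4*HOST_MAX 'A's, the kind
 * of input the advisory describes, and return the hardened parser's verdict. */
int check_overlong_session(void)
{
    char file[HOST_MAX * 4 + 32];
    char host[HOST_MAX];
    size_t n = strlen("header line\n");
    memcpy(file, "header line\n", n);
    memset(file + n, 'A', HOST_MAX * 4);
    n += HOST_MAX * 4;
    file[n++] = '\n';
    file[n] = '\0';
    return load_session_safe(file, host, sizeof host);
}

/* A file with no second line must be rejected, not read past its end. */
int check_missing_second_line(void)
{
    char host[HOST_MAX];
    return load_session_safe("header line only\n", host, sizeof host);
}

int main(void)
{
    printf("benign sample parsed OK: %d\n", check_normal_session());
    printf("overlong second line: rc=%d\n", check_overlong_session());
    printf("missing second line: rc=%d\n", check_missing_second_line());
    printf("unsafe parser on benign sample: %d bytes\n", load_session_unsafe(SAMPLE_OK));
    return 0;
}
```

The point of the hardened version is the `len >= host_len` check before the copy; a `strncpy` that truncates would stop the crash but would let a malformed file load as if it were valid, so refusing it is the safer default for a file format the user opens by hand.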

Wednesday, January 14, 2009

How much is your product worth?

Henry Ford put it nicely when he said "It is not the employer who pays wages - he only handles the money. It is the product that pays wages." A good quote to remember when it comes to tweaking the quality of your work and proving your value to others.

Are you goofing off too?

In this age, we're all concerned about the well-being of our companies and especially the viability of our jobs. Things are certainly not looking up for at least the foreseeable future in '09. I hear it, I read about it - everyone seems to be concerned. All of this and there's one thing that STILL blows my mind. It's people goofing off on the job.

I do a fair portion of my work at client sites and am completely amazed at all of the Internet surfing, phone calls, smoke breaks, and non-work-related things that people do on the job. Interestingly, when it comes time for me to set up meetings and gather information, things always seem to take a long time...It's as if everyone's busy but nothing really important is getting done. Scott Adams hit this whole concept dead on with Dilbert.

I not only see it in people's actions but I also see it in all the things that are left undone when it comes to the vulnerabilities in the networks and applications and mobile systems I test. I originally thought it was a fluke in a select few organizations but after seeing the same behaviors year after year in varying types of organizations, I think it can be classified as a trend.

Based on what I see, I'm surprised that businesses get much done at all. The experts say we use less than 5% of our brain capacity...studies have even shown that number to be around 1%. Wow. This PLUS not working all out on our jobs!? Imagine how successful businesses could be if we just doubled our brain utilization and work efficiency...!

Don't get me wrong, I love having a good time. In fact, one of the quotes I have on my desk is "Play as hard as you work." I'm not being judgmental either. I'm calling it like I see it and I'm just trying to help.

If there has ever been a time in our careers where working all out should be the mode of operation, it's right now. Today. 2009.

So, if you want to stand out above the noise and be thought of as a person of value when/if the time comes to cut staff - and promote staff - make every minute count. Work as if you're billing by the hour. Work as if everyone is watching what you do. Work effectively and efficiently at the office and then leave it there. Don't take it home with you to simply drag things out more. Instead spend that time doing the important things in your life.

The payoffs won't be immediate but if you program yourself to do things now and work as if every single action you take is designed to move things ahead foot by foot and eventually mile by mile, you'll develop a whole new mindset...a mindset that will enable you to double or triple your salary and become a successful person in every facet of your life.

Monday, January 12, 2009

My latest security content

Welcome to the first real (i.e. productive) week back in the New Year. These have been stacking up a bit while I've been out fighting this sinus junk that everyone seems to have. So here you go.

First off, here's an article I wrote for
Five predictions for Web security trends and changes for 2009

And here's an article I wrote for
Building credibility and getting others on your side

Finally, here's a piece I wrote for
Ten ways you can make your data backups more secure

Lots of good stuff coming in 2009...looking forward to sharing it with you!

In the meantime, be sure to check out for all of my information security articles, podcasts, webcasts, screencasts and more.