You can't secure what you don't acknowledge.SM

Thursday, February 19, 2009

25 Most Dangerous Programming Errors???

Check them out here. I like the concept of the Top 25...it certainly helps spread the word...but who are they kidding when they talk about the Top 25's "major" impacts?!

The site claims:
* Software buyers will be able to buy much safer software.
* Programmers will have tools that consistently measure the security of the software they are writing.
* Colleges will be able to teach secure coding more confidently.
* Employers will be able to ensure they have programmers who can write more secure code.

Folks, this stuff has been around for ages...and so have the barriers to accomplishing these very things. As long as humans are involved, as long as developers aren't on board with security, and as long as management doesn't buy into this whole concept, it's going to be more of the same.

My latest security content

Here's my latest stuff. First off, here are two articles I wrote for
Sysinternals tools: A must-have for every Windows security toolbox article I wrote for
Web application security gaps not fixed in 2008

...and an article I wrote for
Five common Linux security vulnerabilities you may be overlooking

In the meantime, be sure to check out for all of my information security articles, podcasts, webcasts, screencasts and more.

Wednesday, February 18, 2009

Great quote regarding laws and policies

Here's something I just came across that reminded me of the cluster$*!@ that's usually created by people trying to put together security policies. It also reminds me of the ridiculous government growth plan (you've gotta read the stuff at this link) created by Obama - our American Idol.

"Laws are like sausages, it is better not to see them being made." - Otto von Bismarck, 1st Chancellor of the German Empire (1815-1898)

Being a security guy, a supporter of limited government, and a vegetarian I can truly appreciate this. ;-)

An upcoming seminar you may want to attend

If you're in or around South Carolina, I'll be leading a seminar on ethical hacking for the South Carolina chapter of ISACA in Columbia on March 19th. It's going to be a fun and enlightening get-together.

Here's a link to the page if you want more info. Maybe I'll see you there!

You can rise above this

I took some time off this past week for some fun and relaxation in the snow of Utah. Wow - what a great way to escape!

Anyway, when I was out and about I heard people complaining about the economy: "no one's hiring, gas is too high, when am I going to get a bailout?" - that kind of stuff - usually in a drab Squidward-like tone (you SpongeBob fans know what I mean!). Sure, things aren't great - and we're all being affected - especially with our runaway government implementing all of this "change we can believe in".

But there is a silver lining. Want to know what it is? It's the fact that we all have a choice to either wallow in the woes of the world OR to get out there and better ourselves and start making our own changes that we can actually rely on rather than "believe in". There's a saying that if you work long enough and hard enough you must eventually hit a home run. If you want to get ahead then you've got to get going. This requires: 1) aspiration, 2) determination, 3) motivation, and, most importantly, 4) perspiration (a.k.a. working your butt off). Study these words and use this as your formula for success in 2009.

Start today. You won't regret it. Things will only get better.