

Google auth + Safari private browsing issue?

Just ran into something interesting - not sure if this is a Known Issue or not.  Using Safari 5.0.5 on OSX 10.6.8, I was authenticated into a Google property (gmail). Switched to "Private Mode" in Safari, then attempted to log out of gmail and switch to a different account. Even after clicking on "Sign in as a different user" I am still returned to the same page, prompting me to authenticate the last user logged in.

Website Relaunch -

While web development is only a portion of our business, it is a growing chunk that we have hired more resources for and gained more customers.  To that end, I'm going to start featuring websites on here that we either build.  If we get really ambitious, we'll add a portfolio section to the site, but one thing at a time...



RSA Insecure Tokens - Now What?

Yesterday RSA announced their SecurID system was breached.

The Gamification of Infosec

Been on a blogging lull - have a growing list of things to talk about, but been busy on a few fun projects (more on those in coming days!).

This, though, had a good dose of originality, so I thought I would share - Naked Password

Protected Industries Joins Drupal Association

We've now been working with Drupal for over two years! Over that time as our experience has grown, we have tried to give back to the community through helping others, testing code, and helping junior developers grow.  We're proud of what we've done so far, but honestly, it's past time for us to put our money where our mouth is. So today we joined the Drupal Association.

More AT&T Fail

It's no secret that I have no love for AT&T. I live in San Francisco, and I have an iPhone. What more do I need to say?

I was without signal while sitting in my office for about an hour this afternoon.  Finally I noticed the signal came back, so I fired up the Mark the Spot app to...mark the spot. Again. Latest version of the app asked if I wanted to register with AT&T so they could provide feedback as they improved things.  Golly, sure! So it fires off an SMS message to AT&T.  The response I get back? Fail...

How much does a penetration test cost?

This is a question that both our current and potential customers ask: "How much will it cost to perform a penetration test on our company?"  Usually our method to answer this is to go through a survey with the client that addresses several topics:





41 Financial breaches so far in 2010? Really???

I'm all for statistics as much as the next security person.  When I'm talking to clients, I try to quote useful statistics to help them make business decisions, not to scare them into purchasing things.  But I digress...

Google indexing long FQDNs, but not fully displaying them

This is sorta fun, although I'm sure not new: malicious factions seeding Google's index with hostnames too long to display, perhaps an uneducated user would think it's a bug in Google and just a cache link??

Cloud Infrastructure providers, ssh host keys, and you

I think I'm adding a new step to my acceptance procedures for cloud servers: always re-generate the ssh host key. Providers aren't always doing their homework and making sure that the ssh host keys on their customers' servers are properly created.
