Primary links


Yelp claims Javascript improves security

News to me...seen when I visited with noscript blocking their javascript:

Security tips from Adobe???

Now this is the last thing I expected in my inbox today - Adobe telling me how to use Acrobat 9 to "prevent major security mishaps"

(For those who haven't been following, Adobe just finally released an update today, the same day I got this email, that patches a security hole that was found in early December 2008. They're not in a position to tell us about security after sitting on a patch for a month)

Firing over data-loss is not enough

Happy New Year!  Guess what hasn't changed? Another f*up took plaintext data home on a portable drive (ok, it happened 12/1/2009, news came out today).

Negative One Factor Authentication

Network World Magazine is running a story about Robert Thompson from AVG, who apparently had an Interesting Conversation with a Wachovia consumer security representative recently.  As he details on his blo

2000 is calling, they want their news back: "IPSs need tuning"

ORLY?Dark Reading has an new article yesterday based around a (non public, not free) report from NSS labs.  Apparently the report says that intrusion prevention systems need tuning.

Prediction: 2010 Insecure iPhone app of the year: Square

credit card phone adaptorOK, so I stretch a little.  I'm sure there's nothing insecure about Square's upcoming credit card processing app, itself.  I'm sure they encrypt communications back to their servers and the merchant banks, and as they're a new company they probably properly encrypt PCI data in their databases.

Google running unauthorized updates as root on my mac

While working on a client project last night, I notice a flicker on my mac's desktop.  Figuring it's just Time Machine doing it's job, I ignore and continue working on my project. A few seconds later, the mounted Volume icon disappears. I've never seen Time Machine complete a backup in seconds - it's a time hog. "What the hell was that??" I think...

Assuming the worst, I disconnect the system from the network and begin investigating. Digging through system logs, I find...

New iPhone "Vulnerability" Not News

The media's at it again.  It became "news" last week when the first iPhone worm appeared on the scene, accessing jailbroken iPhones via ssh with a default root password.

Default root password attacks came out when? 1975 or so? How is this news?

Introducing the new PI website

In conjunction with Protected Industries reaching it's first year in business, we've revamped the website.

It's been a fun, busy year.  We've landed some great clients, and are continuing to work on the potential of offering hosting services.  We've done code reviews for financial institutions, penetration tests for web 2.0 companies, web development for startups and graphic designers, and provided operations consulting for established companies.  We're looking forward to 2010 and really ramping things up!

Syndicate content