• CRASS – Vulnerability Disclosure

    After a very slow 2014, Cynical Rants About Security Stuff – or CRASS for short (unfortunate and unintentional) is my attempt at being more regular in publishing content. The idea is that once a week I’ll ramble for a couple of minutes on any given topic.

    This week I rant about the vulnerability disclosure process and how Google and Microsoft arguing publicly doesn’t really help anyone. There are some football (soccer) references that I’m sure all my US-based friends will totally understand.

    I won’t write up all my thoughts on the topic as I’ll be covering ground that many have already written about. If you’re interested in finding out more, or exploring other opinions on the subject, then I recommend checking out the following

    Rob Graham: A call for Better Vulnerability Response

     Space Rogue: In the beginning there was full disclosure

    and Steve Ragan: Microsoft blasts Google for vulnerability disclosure policy

  • A friend with photoshop is all you need

    Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you.

    Then he posted this picture on twitter in a cowboy hat. Ridiculous cowboy hat

    As they say, a little photoshop is a dangerous thing – and the temptation was too great to not take advantage of the opportunity.

    1 brokeback

    Which led to the birth of Jimmy Sozé

    2 usual suspects

    This got Jimmy a bit worked up, so I challenged him to a duel.

    3 duel

    He said he’d kill me – to which I said that’s a crime punishable by hanging till he’s dead, dead, dead!

    4 hang em high

    The subsequent barrage of messages proved that Jimmy was indeed unchained. (more…)