Shirkdog's blog

Climate Change and Information Assurance -- and how they are bullshit

In the course of presenting any form of analysis or research, the details of how you come to your conclusions must be indisputable. The scrutiny faced by your peers should be enough to validate your claims as being reasonable before presenting them in any forum.

But this is not always the case in the lives of professionals, as notoriety can blind the path of virtue. How many of us would trade an honest position, to present an idea that is based on falsehoods, or is an evasion of the truth, to make more money, or gain the spotlight?

Here enters, global warming.

Funny Vulnerability Disclosure

There are a number of things to laugh at in this vulnerability disclosure, beyond the bug itself.

Thierry Zoller notified Apple to resolve this issue, but things were never handled correctly. Along the way, Apple sent a message, encrypted with their own public key to Zoller, which was worth a lulz.


Advisory: Apple Safari & Quicktime DoS


DX Studio Player Firefox plug-in command injection -- Complete with built-in Shell command

Nothing like having the API do the work for you:

shell.execute("cmd.exe","/k cls|@echo this is wrong, very wrong.")

[Core Security Advisory]

Why CISSP's are ruining security - An interesting parallel to MCSE's ruining Information Technology

It is just one of those things, that eventually happens, but I want to take everyone back to 1999/2000. You have the Y2K bug, so people were focused on this as it affected applications in their enterprises. But after this paranoid (Black Sabbath reference, and not a misspelling of paranoia) subsided, I began to see advertisements, and hear about Microsoft Certified Training. I was working in a help-desk at the time and several of my co-workers actually had this MCSE in Windows NT. Windows 2000 ... was released and now all of them had to upgrade their certification and retake the test.

Syndicate content