: Thoughts on passing the GIAC Security Essentials (GSEC) Today I passed the GIAC Security Essentials Certification, also known as the GSEC. I passed with a …
: Despite DoH and ESNI, with OCSP, web activity is insecure and not private TL;DR Certificate Transparency (CT) logs increasingly provide virtually every TLS certificate to be …
: PowerShell one-liner to find outbound connectivity via WinRM In controlled environments, it’s useful to know when outbound connectivity is not restricted to a …
: SQL Injection with New Relic [PATCHED] Background First off, I have found New Relic to be a great application performance monitoring (APM) …
: Last weekend, I did some sprucing up of my public website. It’s just a simple static one-pager, but …
: First Impressions Matter When it comes to researching vendors, first impressions matter so much. I tend to judge any …
: Alkami: Genesis In the summer of 2008, I was preparing a large strategic product shift within Myriad Systems, Inc. …
: Security Advisory for Financial Institutions: POODLE Yesterday evening, Google made public a new form of attack on encrypted connections between …
: Alkami: A Retrospective What a wild and crazy journey the last five years have been. When I started this blog in 2009, it …
: Security Advisory for Financial Institutions: Shell Shock “Shell Shock” Remote Code Execution and Compromise Vulnerability Yesterday evening, DHS National …
: End-User Credential Security This week’s announcement that a Russian crime syndicate has amassed 1.2 billion unique usernames and …
: When to Ride the Service Bus One of the great things about adding new, senior talent to a storied team working on a large, …
: The Wires Cannot Be Trusted; Does DRM Have Something to Teach Us? In the continuing revelations about the depth to which governments have gone to subjugate global …
: Scaling Enterprise Database-Bound Applications: I/O Optimizing Slow Accesses While most software developers like to think of themselves as computer …
: A Brief Introduction to Part-of-Speech Tagging A field of computer science that has captured my attention lately is computational linguistics – the …
: Robustness in Programming (For my regular readers, I know I promised this post would detail ‘a method by which anyone could …
: When All You See Are Clouds... A Storm Is Brewing The recent disclosures that the United States Government has violated the 4th amendment of the U.S. …
: Doing Your Due Diligence on Security Scanning and Penetration Testing Vendors All too often, development shops and IT professionals become complacent with depending on packaged …
: Thwarting SSL Inspection Proxies A disturbing trend in corporate IT departments everywhere is the introduction of SSL inspection …
: CNN Lies to Every One of Its Web Viewers When is it okay to flat out lie to your users? I would argue: Never. But the website of one of the …
: The Cost of Speed First off, I’m quite dissatisfied with my work. But then again, isn’t every architect? No matter how …
: It's About the Developers, Stupid! Last week’s continued equity market shakeups were made even more volatile by a few headscratchers: …
: Will State Treasuries Get Wise to Geolocation? Slowly, mobile users are becoming increasingly complacent with giving up the last remaining visages …
: Sony's Poor Behavior: What does this say about learning in America? Ask any technical recruiter, or any quickly-growing technology business, what the number one …
: P2P DNS: Not solving the real problem of centralized control The more tech-savvy probably noted with passing interest the news blip this last week by Peter …
: Be Assimilated, Or Be Ignored An interesting exercise is to visualize tidbits of data as material widgets, units of value that can …
: The Long Overdue Case for Signed Emails A technology more than a decade old is routinely ignored by online banking vendors despite a …
: Facebook OpenGraph: A Good Laugh or a Chilling Cackle? If you want to sell a proprietary technology for financial gain or to increase user adoption for …
: Structure vs. Creativity The other day I was speaking with a friend on the east coast about some of the nuances of the HTTP …