Son of a Son of a Sailor

“As a dreamer of dreams and a travelin’ man / I have chalked up many a mile / Read dozens of books about heroes and crooks / And I’ve learned much from both of their style” —Jimmy Buffett

In the last few days I’ve had the opportunity to chat with a young, bright, and rising techie about transitioning into the realm of InfoSec. Now, this transition didn’t just crop up one afternoon while looking at statements from SallieMae related to school debt. It has been looming on the horizon for a while. The signs were evident: VMs with multiple environments for experimentation, a podcast list gone way beyond Security Now. A noble pirate friend of mine once mentioned in a class, “You never[…]


CloudFlare Breach

If you are concerned about your security, you need to read this. This may affect some high-profile sites like Fitbit, Dropbox, Zendesk, Box.com, and CreditKarma.com, among thousands of others. Some iPhone / iPad apps are affected as well. This section is completely excerpted from Nick Sweeting, who is reporting that:

Between 2016-09-22 – 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months. Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered the response would include data from ANY other Cloudflare proxy customer that happened[…]


Ocean Front Property

The esteemed Texas philosopher George Strait sang the great truth of:

“If you leave me, I won’t miss you, / And I won’t ever take you back. / Girl, your mem’ry won’t ever haunt me / ‘Cause I don’t love you, and now if you’ll buy that…”

I happened to have this song flash into my head after a lunch conversation with friends. We were talking about PII (Personally Identifiable Information), without a doubt a truly fascinating topic at any time. I reflected on how often the people we are sharing our most sensitive information with don’t understand the value of that information and the ramifications of handling it poorly. So let me set the stage: I bought a house. Well, more accurately,[…]
