Son of a Son of a Sailor

“As a dreamer of dreams and a travelin’ man
I have chalked up many a mile
Read dozens of books about heroes and crooks
And I’ve learned much from both of their style”
—Jimmy Buffett

In the last few days I’ve had the opportunity to chat with a young, bright, and rising techie about transitioning into the realm of InfoSec. Now this transition didn’t just crop up one afternoon while looking at statements from SallieMae related to school debt. It has been looming on the horizon for a while. The signs were evident: VMs with multiple environments for experimentation, a podcast list gone way beyond Security Now. A noble pirate friend of mine once mentioned in a class, “You never[…]


One, Two, Three…Crunch!

Since Mr. Owl first dared to unravel one of the confectionery world’s most puzzling secrets in the classic 1970s TV commercial, dedicated Tootsie Pop fans everywhere have tried to provide a definitive answer. Many have attempted, and failed, to lick their way to the center of the Tootsie Pop. My best attempt was in the mid-thirties before I gave in. Crunch! The temptation to bite and reach the embedded Tootsie Roll prize has proven too great… just like it was for Mr. Owl. But a more vitally important topic is: how many “clicks” does it take to compromise your computer security? That number is easily calculated… The answer is ONE. Just a single click can launch a whirlwind of[…]


CloudFlare Breach

If you are concerned about your security, you need to read this. This may affect some high-profile sites like Fitbit, Dropbox, Zendesk, Box.com, and CreditKarma.com, among thousands of others. Some iPhone / iPad apps are affected as well. This section is completely excerpted from Nick Sweeting, who is reporting that:

Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months. Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered, the response would include data from ANY other Cloudflare proxy customer that happened[…]
