07Jan, 2014

Missing Security Features in Windows Phone 8

As I have spent some time researching and developing a WP8 application security testing methodology and process, I have come up with three key security features that are missing from Microsoft’s Windows Phone 8. From an offensive security perspective, these feature are good to have for testing but from an end user perspective, they are […]

06Apr, 2011

SSL Renegotiation DOS FAQ

Frequently Asked Questions related to SSL Renegotiation Denial of Service Q. What is the difference between SSL and TLS? A. SSL and TLS is the same thing. For trademark reasons when SSL became an open standard it had to change its name from SSL to TLS. TLS 1.0 is essentially SSL 3.1 – it even […]

04Apr, 2011

Browser Security

Attacks are moving from your operating system to your third party applications including but not limited to your web browser, PDF reader, video players, etc. Additionally, software makers patch their software multiple times per year. For these reasons, I recommend you ensure ALL your software is up to date. To check if your browser and […]

19Mar, 2011

Blackhat Europe 2011 Recap

Blackhat Europe 2011 just wrapped up. If you weren’t able to make it (like me) then we must rely on the community to fill us in on what went down until Blackhat.com puts up the archives. I would like to share the write ups I found most useful: Corelan.be Day 1 Rootshell.be Day 1 Corelan.be […]

17Mar, 2011

Cross Platform Password Management

Every information security professional will tell you to use different passwords for every site. This is because if one site gets compromised and your password is cracked then the attacker can log into every site you use. The biggest complaint consumers have with using different passwords is remembering them all; now you don’t have to. […]