On the wall above my desk are five rules, and they are the framework for how I get things done. I revisit these rules every year, and they are subject to themselves. Always iterating, words paired to only those most important, without fear of criticism and at whatever pace necessary…

Recently I had the great fortune to present at BSidesSF 2014 where I presented my thoughts on how despite huge technology advancements in application security we are still very much failing to make software secure right out of the gate. This has led me to start thinking of AppSec as just as much a sociological problem as a technology one. In my talk, I proposed we take ideas from Broken Window Theory and apply them to AppSec and in true BSides fashion, I was treated to a great discussion with an even greater audience.

NOTE: This post was written almost a decade ago. Everything here has since changed and I keep this post around only as a reminder of how things used to be. Making sure your data is encrypted when it’s being stored somewhere outside of your direct control is a good idea…

“I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time” — Eric Schmidt, CEO, Google Actually I think society does understand, or at least we used to. This is exactly why there is a separation between juvenile and adult criminal records…

“Privacy is dead, deal with it” — Scott McNealy then CEO of Sun “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” — Eric Schmidt, CEO of Google Zuck: Yeah so if you ever need info about anyone…

As I hold on for the long wait for my iPad 3G I was inspired to pull out my Apple Newton MessagePad 120 to baseline how far Apple has come since the Newton was first released in 1993. I was amazed at how unintuitive it was to use and thought…

Read a rumor today that the upcoming Apple tablet might be called the iPad. I predicted it would be called the MacBook Tablet but I have to admit the iPad sounds compelling. It’s too close to iPod for me to like however. Rule one in marketing: Differentiate. My guess is that Apple is registering names of possible similar named products to avoid future problems. I will be presenting “Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data” at the OWASP Chicago meeting on Feb 2nd at 6:00 swing by (RSVP Req’d) for Pizza, Beer and Application Security discussions in the windy city.

I generally stay away from thinking about CES until the week is up and I can look at the big picture. For all the whining that goes on about FUD in the Information Security industry nowhere is there more hype and hyperbole than the annual consumer electronics show (CES) in…

Earlier this week I predicted that the La La acquisition by Apple was the start of an entirely new in the cloud online strategy for the iTunes music and media store. A few days ago the Wall Street Journal (link) confirmed my predictions by reporting that according to sources familiar…