theReformed

Worth Reading

robert hansen [rsnake]
(sectheory)

• HTTP Verb Brute Forcing - I read a few interesting posts here and here regarding brute forcing HTTP verbs. The F5 post suggested that it is possible to thwart people who are looking for what options you support by giving a
  Read more...  




chris eng, chris wysopal [weldpond] &
christien rioux [dildog]
(veracode)

• Tallying Twitter?s Application Security Best Practice Violations - If you were paying attention the last few days, you’ve probably read about the wave of attacks launched against the popular Twitter service. It started over the weekend, with a series of
  Read more...  




spacerogue

• HNN Archive Posted - I don’t really know who actually owns the Hacker News Network anymore. I own the domain now but the original content was part of the sale of L0pht to @Stake which was then sold to Symantec. At
  Read more...  




dan kaminsky
[ioactive, inc.]

• No School Like The Old School - I really need to learn to leave DNS alone DNS TXT Record Parsing Bug in LibSPF2 A relatively common bug parsing TXT records delivered over DNS, dating at least back to 2002 in Sendmail 8.2.0 and
  Read more...  




dino dai zovi

• ARM versus x86 - At Hack in the Box in Kuala Lumpur this year, I was interviewed by Sumner Lemon of IDG about various Mac and iPhone-related security topics.  One of the topics was the relative security of ARM
  Read more...  




amrit williams

• “Happiness” my new password for 2009 - Wired reports that the 18 year old hacker (age is not relevant but it always fun for the media to point out that some “hacker” is still in his teens) responsible for breaking into
  Read more...  




dave goldsmith, jeremy rauch,
thomas ptacek & chris rohlf
[matasano chargen]

• Penetration Testing: Dead But Not Really Dead. - Yah, late commentary.  Sorry, been a little busy.  Brian Chess kicked the hornet’s nest beautifully by declaring: Penetration Testing: Dead in 2009 with:   “Death doesn’t mean
  Read more...