Archive for July, 2008

Humbled by HackersforCharity.org

July 19, 2008

So I was totally stoked to pick up an iPhone yesterday- I’m still completely jonesing for integrated digital goodness.  Surprise, *both* ATT stores I visited were out of stock (I’m still laughing).  After a long week on the road, I am just now catching up on blog reading (and laundry, expenses, etc- it’s a good way to spend a Saturday morning…).  I read one particular post that knocked me flat on my tail.

I met this guy named Johnny Long a couple years ago at an InfoWorld in the SF Bay area (after hearing his name it clicked *oh*, this is that Google hacking dude.)  Cool guy.  Bigger heart.

Check out http://www.hackersforcharity.org.  Put it on your RSS feeder list if you’d like.  I have a couple of friends actively serving in Africa, and his most recent post reminded me how much help is needed over there.  We take our easy access to the web for granted; Johnny’s most recent post reminded me how completely commercially focused I can get.  (Whitney, if you’re out there- I hear you)

I spend most of my life working, thinking of work, and reading about work.  I have a hard time turning it off.  Sometimes I get so busy in my little world that I forget how much more there is to life.  People with a heart for service remind me how much I am missing out on.  Sometimes a little can go a long way- whether cash (check out what AOET Kenya can do with iPhone class fundage) or time (building websites, systems, access, etc)- we all have gifts, if we all pitch in, we can enable others on the front lines…

I know I need to be more active on these fronts (we all need to be doing SOMETHING to give back with the gifts we have been trusted with.)  Call it God, call it karma- regardless, I’m sure we would all rather be seen as grateful rather than spoiled, GET INVOLVED!!

Keep up the great work Johnny, I can’t wait to catch up at Defcon!

Good Times in Toronto

July 17, 2008

Back in Chicago O’Hare international airport (ORD) for the third time in four days.  I am headed home from a trip to Cincinnati and Toronto for meetings and a presentation at the Toronto OWASP chapter- what a fantastic group!  Special thanks to Nish and Reza for having us out!

After a talk on Business Logic flaws, conversations ventured into some great discussion on recent court rulings and Internet-directed legislation, former war stories, if Arian is really an 8.5 on hot-or-not, and why proper Creole spices aren’t sold in Canada.  (no kidding mom, the guys up there want some Tony Chachere’s!)

During the talk, I failed to get further into how WA processes were not designed to detect security flaws in business logic due to confirmation bias.  I have read on this in the past, but Robert Graham recently posted a GREAT read on the topic, check it out- ‘why you have to reboot your router’.

Thanks for a great trip, Toronto!

(June 30 deadline) + (x days late) = What now?

July 7, 2008

So many have slid past the June 30 deadline for PCI 6.6, many of the rest are sick of hearing about it. If you’ve missed the deadline, this talk is for you. I’ve been asked to do a final Webinar on 6.6 this Thursday at 11AM Pacific. Targeted discussion points will include:

  • A brief overview of PCI Requirement 6.6
  • The difference between Compliance and Validation
  • Steps to ensure a ‘surprise free’ onsite audit

I’m not a fan of ‘death by powerpoint’, so this will hopefully be more of a discussion and Q/A for the attendees. Hope to see you there- register here, or at:

https://whitehatsec.market2lead.com/go/whitehatsec/pci0710seekinfo