Dominic White - Entries from October 2007

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Wednesday, October 31. 2007

Web Hacking 2.0 - A Movie

pdp pointed out Joe Walker's slides on the matter. They are clear and beautiful and I've embedded them below. I think this complements the "Web Hacking 2.0" post quite nicely.

Continue reading "Web Hacking 2.0 - A Movie"

Posted by Dominic White in Security at 07:18 | Comments (0) | Trackbacks (0)

Tuesday, October 23. 2007

Climate Change Resources

Deloitte has gather together some good climate change resources. If you want some white papers, formal research or the like, this has some good links.

Posted by Dominic White in Politics at 19:50 | Comments (0) | Trackbacks (0)

Tuesday, October 16. 2007

The Towelie Encryption Principle

Straight from Dominic's jargon generation lair, come the following two encryption related terms:

The Towelie Encryption Principle states:

Encryption should be implemented as high up the application stack as possible.

The Underground Fortress Effect

The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.

Continue reading "The Towelie Encryption Principle"

Posted by Dominic White in Security at 21:33 | Comments (0) | Trackbacks (0)

Thursday, October 11. 2007

PCI DSS Compliance Deadlines

They're not standard; It changes per country, per card brand and per bank. There's lots more to this in South Africa mail me if you want more info.

Posted by Dominic White in Security at 19:31 | Comments (0) | Trackbacks (0)

Great SQLi XKCD

I'm definitely making '); DROP TABLE Students -- my son's middle name; ' OR 1==1 -- will be my daughter's.

Posted by Dominic White in Security at 19:26 | Comment (1) | Trackbacks (0)

Sunday, October 7. 2007

Now Deloitte Rocks Security Consulting

Following from our win on the risk management consulting front, Forrester just named us the best security consultants. The South African firm contributed one fifth of the client work to this. Gosh, I do like being on top ;)

Deloitte Is A Leader In Security Consulting With Solid Depth And Global Reach
Deloitte has the largest pool of security consultants in the market, and its global reach includes engagements in more than 100 countries. Security, privacy, and information risk management services within the company are integrated into a single enterprise framework, with a mature perspective focused on client value. In our evaluation, Deloitte's current security offering and market presence took the top spot among all other service providers, although its market strategy score slightly trailed its close rival. Its focus on risk management and privacy and its willingness to invest in R&D activities makes it an excellent choice for those looking for technology expertise coupled with sound strategic advice and strong business orientation. Deloitte brings a pragmatic and mature perspective and is best suited for medium- and large-scale, integrated projects requiring information risk management and security services.

Posted by Dominic White in Security at 23:48 | Comments (0) | Trackbacks (0)

Monday, October 1. 2007

I recently ran into this debate at a client, and even though I had a fairly good understanding of this issue, the thoughts only struck me with clarity today. This will be fairly obvious to many people, but unfortunately, not all. Hopefully Google will help broadcast my purported clarity.

Continue reading "IDS vs IPS"

Posted by Dominic White in Security at 20:30 | Comments (0) | Trackbacks (0)

(Page 1 of 1, totaling 7 entries)