Brian Krebs, author of SecurityFix and one of the very few mainstream infosec journalists, is pulling a McLeodd1 and leaving the Washington Post to go on his own. He will be reporting from Krebs on Security from today.
Apart from the coverage, Brian has also got involved in or instigated responses to some threats, and I hope that fewer editorial restrictions allow him to do and say more.
In truth, I only really like Brian because he's linked, to me before, encouraging up to 1.5 people to read the abstract on my thesis ;), but more seriously providing data and inspiration to me and several other researchers.
Good luck Brian
Footnote 1: I probably shouldn't mix my ZA and Infosec references, but Duncan McLeodd left the Financial Mail to form independent tech news startup TechCentral.
Eugene Spafford has a warning for us in his latest entry that I thought worth remembering:
Generally, hackers who specialize in the latest attacks dismiss anyone not versed in their tools as ignorant, so I have heard this kind of criticism before. It is still the case that the "elite" hackers who specialize in the latest penetration tools think that they are the most informed about all things security. Sadly, some decision-makers believe this too, much to their later regret, usually because they depend on penetration analysis as their primary security mechanism.
In many ways, I worry that mechanisms like RSS & twitter and the associated behaviour help us to be up to date, but not knowledgeable, and that the implied arrogance of being up to date stops us from realising it.
I'm quite excited and honoured to host a guest entry from Yusuf Moosa Motara covering his talk at ZaCon (a video of which can be found here, and the slides here).
Continue reading "Efficient extraction of data using binary search and ordering information"
Barry Irwin

singe: Awesome breakdown from the reigning Web App Scanner queens NTObjectives on why their scanner kicked the other's asses http://is.gd/9e0GZ
Ian Bicking: a blog: What Does A WebOb App Look Like?