Archives
This year's posts
2019
- : SANS Holiday Hack Challenge 2018, Question 5
- : SANS Holiday Hack Challenge 2018, Question 4
- : SANS Holiday Hack Challenge 2018, Question 3
- : SANS Holiday Hack Challenge 2018, Question 2
2018
2017
2016
2015
- : Changing jobs
- : Incident Response 101
- : LastPass announced a breach. Three lessons learned.
- : Facebook's email encryption
2014
- : Unauthenticated self-service secure password reset
- : The Potential Impact of Point-of-Sale Compromises for Business Continuity Planning
- : Using Security Frameworks to Achieve Effective Cyber Defenses
- : Tips for getting started in information security
- : Feedburner link was incorrect. Fixed.
- : TrueCrypt's demise
- : Fundamental lessons learned from recent data breaches
- : University of Maryland data breach
- : Cloud Services and Business Continuity
2013
- : Readings on Cryptography
- : Two Factor Authentication Adoption
- : Access Control and Service Oriented Architectures
- : When to Declare an Information Security Incident and How to Respond When You Do
- : How Advanced Log Management Can Trump SIEM: Tales of Woe and Glory
- : Conference presentations
- : OWASP AppSecUSA
- : Are IT departments completely useless?
- : Raising awareness concerning software vulnerabilities
- : Project Management
- : Situational awareness
- : Using Teambuilding to Improve Performance for Geographically Distributed Information Security Professionals
- : DMCA Notices
- : Security Blogger Awards
- : SANS Security Leadership Course
2012
- : New blog: Technology Toolshed
- : From password bruteforcing to identity federations
- : Infosec Threat Modeling
- : So it goes,...
- : SANS Security Leadership Essentials (GSLC)
- : Speaking at OWASP Long Island
- : Raspberry Pi
- : Happy Thanksgiving
- : Lessons learned from Superstorm Sandy
- : Bootable Linux USB drive for teaching
- : Teaching again
- : The delicate dance between vendors and clients
- : Product acquisitions
- : LinkedIn password disclosure
- : Northeast Security Leaders Summit
- : Teaching Cyber Security
- : Cloud services
- : TED, SOPA, PIPA
- : OWASP meeting
2011
- : Last night's OWASP Long Island Meeting
- : Network forensics exercise
- : Applied Cryptography
- : Teaching SANS Security 504: Hacker Techniques, Exploits, and Incident Handling
- : About certification and certifying bodies
- : Black Hat and Defcon approaching rapidly
- : Information Security Leadership
- : When students grow up...
- : Cyber Protect
- : High-impact initiatives
- : SOURCE Boston 2011: Higher Education's ability to conduct relevant research and to effectively teach information security
- : Securosis research: React Faster and Better
- : IPv6 in security procurement projects
- : Mindful Listening for Project Managers
- : Murphy is alive (and holds a grudge)
- : Presentation at EDUCAUSE/Internet2 Security Professionals Conference
- : Information Security Scorecards
2010
- : Hosting SANS CISSP Training Session (SANS MGT414)
- : Today is a great day for catching bad guys
- : React, Respond, Initiate
- : Information Security Roles and Responsibilities
- : Patch management, Penetration Testing, SIEM and Forensics.
- : Exercise works...
- : BlackHat and Defcon Guidance
- : Black Hat and Defcon approaching rapidly
- : Teaching again
- : On Checklists
- : Implementing SIEM
- : Developing a strategic information security plan
- : Penetration Testing in the Real World
- : Slide decks posted
- : SOURCE Boston 2010
- : From the life of a CISO...
- : Information Security in the Cloud
- : Note taking for CISO's
- : SOURCE Boston professional development
- : Communicating incident response plans
- : ICCS 2010
- : Service announcement for vendors
- : Information Security Surveillance
- : Security Thought Leader
- : 30 minutes to explain information security
- : Fatal System Error
- : Certification study group
- : IsleSec every third Wednesday of the month
- : Happy New Year
2009
- : Computer security badness hierarchy revisited
- : Incident Response Planning
- : Refocusing my professional career
- : Starting IsleSec
- : Ed Skoudis's COINS event in NYC: The Bad Guys are Winning: So Now What?
- : SOURCE Boston CFP
- : Incident Response and the Incident Command System
- : The Unspoken Truth About Managing Geeks
- : Backups for home user or small businesses
- : Two more excellent GIAC Gold Papers
- : Apache foundation publishes post-incident report
- : Dutch Forensics Institute opens encrypted vault of imagery
- : Long Island Information Security
- : Security Information Event Monitoring
- : Planning for a new wave of H1N1
- : MS09-039 actively exploited in Higher Education
- : Modems
- : Defcon 17 takes over the Riviera
- : BlackHat: "Cyber security" and "Cloud "
- : Securing infrastructure
- : BlackHat 2009
- : Google's two-factor authentication for password reset
- : SANS Mentor Security 504: Hacker Techniques, Exploits and Incident Handling
- : Web vulnerability scanning
- : Back at the helm: BH/Defcon?
- : Business Continuity Planning
- : Scratching an itch
- : New papers in the SANS reading room
- : Enterprise Cloud Risk and Security
- : BlackHat 2009
- : Unlocking the cloud
- : High quality information and incident response
- : CNET's Cybersecurity Quiz
- : The Cyberspace Policy Review
- : Puffing in a Cloud of appearance
- : Using service providers for information assurance
- : Perseverance, attitude, and solidarity
- : Family addition
- : Why we sometimes think cheating is OK
- : Brief introduction to challenges in Cloud Security
- : Preparing for Conficker's April 1st
- : Hiding in plain sight
- : Assessments are good; Feedback is essential
- : SOURCE Boston 2009, Day 1
- : Getting ready for SOURCE Boston 2009
- : ENISA publishes CSIRT training materials
- : Offensive Security Certified Professional
- : EDUCAUSE Information Security Professionals Conference 2009
- : Conficker analysis
- : Handling sensitive information
- : On Situational Awareness
- : Pentesting with BackTrack
- : Offensive Security: Backtrack 101
- : The Business Justification For Data Security
- : The Largest DDoS in History?
- : Computer Security Badness Hierarchy
- : Incident Response Management
- : Vulnerability in xterm
- : SANS 504 Mentor
2008
- : SOURCE Boston
- : Making the world a little better
- : Rogue DHCP servers cause perceived service outages
- : Security lab environment ftw
- : Creating a Certificate Authority with OpenSSL
- : Risk Management presentation by Dr. Peter Tippett
- : CISM
- : Tips for getting started in information security
- : Coding a buffer overflow exploit in a deliberatly vulnerable application
- : Red Flag Compliance postponed for FTC-covered entities
- : Taking up research again?
- : Security 504: SANS Hacker Techniques, Exploits and Incident Handling
- : Reconnaissance: don't post what you don't want found
- : Apocalyptic Vulnerability Percentages - FUD 101
- : The psychology of access control
- : Into the breach
- : Reliable Security
- : FIRST Liaison
- : New York Information Security Community
- : The 10 Most Mysterious Cyber Crimes
- : Phishing season opened
- : tcp/32709 solved?
- : TED talk Peter Hirshberg: The Web and TV, a sibling rivalry
- : Patching users
- : Surge in portscanning for tcp/32709
- : Wisdom from Randy Pausch
- : Google Chrome
- : Writing code is easy, writing good code is hard
- : SANS Mentor update
- : Social Engineering 101
- : Looking forward to learning again
- : Back to school
- : Prof. Bartlett's lecture on growth
- : SANS Mentor SEC 504 in Long Island, NY
- : Defcon
- : Defcon day 1
- : DefCon PC Hardening
- : Teenage bot herder arrested in Netherlands
- : Verizon's DNS attack scenarios
- : 30 Days of DNS attack activity
- : Passed my CISM
- : The Metasploit DNS vulnerability exploit
- : De-ice.net pentesting live CD's
- : Going to defcon after all
- : DNS vulnerability in the wild
- : To be written...
- : The Last HOPE, day 1
- : The Last HOPE device preparations
- : The Last HOPE 2008
- : Confirmation bias
- : DNS vulnerability
- : GIAC Certified
- : Security vendors
- : URL shortening services
- : Information Security Research
- : China hosts malware
- : Information Security at Colleges and Universities
- : Law Enforcement
- : Confidential Information Handling Policy
- : Information Security in three steps
- : Maintaining appropriate documentation
- : Sending clear text sensitive information
- : Essential Truths in Information Security: Be Reliable and Trustworthy
- : The value of documentation in incident response
- : Separation of duties is a tool, not a goal
- : Mobility Changes (Almost) Everything!
- : Essential Truths in Information Security: Better is worse than good enough
- : Essential Truths in Information Security: Execute with precision and excellence
- : "Security": Whose Responsibility?
- : Telephone phish
- : Essential Truths in Information Security: Never say "no"
- : Flying long distance
- : Essential Truths in Information Security: Perception is Reality
- : Security through obscurity
- : Essential Truths in Information Security: Understand what you protect
- : EDUCAUSE/Internet2 Security Professionals Conference
- : Off to EDUCAUSE/Internet Security Professionals
- : EDUCAUSE/Internet2 Security Professionals Conference
- : Trust, but verify
- : Information security framework
- : Embedded intelligence
- : Setting account expiration in Windows XP
- : Be careful with what you leave behind
- : Vulnerability notifications?
- : Protection does not equal prevention
- : Some students get it...
- : Planning for failure
- : A new type of nomads...
- : Code review can only do so much...
- : Taking notes
- : Incident Management
- : Capture the flag is fun!
- : Ethics
- : Information security vs. Flying an airplane
- : Malware targeting crypto keys
- : Teaching Computer Security
- : Why Hacking Changed
- : Information Classification
- : Hacking Movable Type to get ScribeFire to work
- : NYMISSA: Ethical Hacking
- : SANS Security 504: Hacker Techniques, Exploits and Incident Handling
- : Adam on...
- : Spam
- : Hate/love relationship with vendors
- : Carnival of the Security Catalysts Community for 03/11/08
- : Safety vs. Security
- : Educause Security Professionals Conference
- : On policy writing
- : Sometimes I need to remind myself...
- : Hard disk encryption hack: ISC got it right
- : Passwords are the root of all evil
- : Soldering station?
- : Polytechnic ISIS blogs
- : Knight Rider
- : Long Island Information Security Forum
- : Educause Security08
- : Better is worse than good enough
- : Phising attacks and user awareness
- : Yet another cable damaged...
- : Botnet hunting
- : Becoming a Security Expert
- : Microsoft wants to by Yahoo!?!
- : It Sounded Good When We Started; A Project Manager's Guide to Working with People on Projects
- : 11 Truths the security industry hates to admit
- : InfoSec Threat Horizons: 2008 - 2010
- : Fraud, Privilege, and the Insider Threat
- : Information security management
- : Identity
- : Roles and Responsibilities in Information Security
- : Article on a hypothetical WiFi worm
- : Fake profiles on Facebook
- : Pragmatic CSO podcast #1
- : Establishing an incident response team
- : Large amount of web sites compromised. Where is the ISC?
- : Policy development
- : Information Security-- A strategic approach
- : Loss of power
- : Happy New Year!
2007
- : Locutus: wake up :)
- : Partner access: Balancing security and availability
- : Toaster hacks computer (I kid you not)
- : Security and SME's
- : On policy writing
- : Anti-Phishing Phil
- : Hire fewer better programmers, more testers, top architects.
- : Happy Thanksgiving
- : Insightful article on password policies
- : 0x000000 Security password experiment
- : Temporary Lack of Posting
- : A glimpse of the future
- : FBI at risk for internal espionage
- : A new blog
- : Computer Forensics: Recovering CD-RW contents
- : TJX Stock Recovered From Breach; Web Site Still Vulnerable
- : Gartner thinks that too much is spent on IT security
- : Security Catalyst
- : Report on the Sourcefire briefing
- : Sourcefire event in Amsterdam
- : The importance of logging for forensics investigations
- : On IT Auditors...
- : Developing secure web applications
- : FBI Wire tapping systems
- : VMWare Server on Ubuntu Linux
- : Harvard Business Review Case Study On A Fictional Data Breach
- : Interesting security position...
- : Intrusion report at fark.com
- : Microsoft Security Response Center (MSRC)
- : Gartner on Security and Risk Management
- : Even port scanners are boring...
- : Storm botnet fighting back
- : Web site maintenance
- : Reporting phishing to eBay? Don't email abuse....
- : MS Patches: Input validation and virtualization
- : I want to go too!
- : Thoughts on Information Security
- : Michael Farnum quits...
- : Moved to rimuhosting
- : It is calm at work...
- : Certified Information Systems Auditor Study Guide
- : Daemon
- : Security Metrics
- : Global Economy at work
- : Terrorism in perspective
- : If Architects Had To Work Like Web Designers
- : Addicting
- : Computing problems
- : Catching a fly.
- : Upgrade to Movable Type 4 (beta)
- : VoIP service
- : USB TV Card
- : Personality Types
- : Moved to Movable Type
- : Moving to Movabletype?
- : Amazon.com wish lists updated
- : Google reader
- : Optical illusions
- : Happy Easter
- : Website moved to another server
- : The day after....
- : PhD awarded -- Proefschrift verdedigd
- : Route naar de Universiteit
- : Access Control and Service-Oriented Architectures
- : Listening and reading is an art...
- : Cisco documentation
- : Centralized logging and audit of Windows-based servers and network devices.
- : PhD thesis printed
- : What makes a security incident?
- : Your first Amazon.com purchase
- : Thesis proofs ready
2006
- : Best wishes!
- : Thesis
- : Regaining control
- : Social engineering
- : Whoops....
- : Verdonk
- : Moving house (2),...
- : Moving house,...
- : News aggregator
- : Sociological research study on fortresses Liefkenshoek and Lillo in the period 1585-1786
- : New vulnerability in Windows
- : Fresh chicken nuggets?
- : Printer security
- : Hosting?
- : Hot, hot, hot and new job
- : Presentation at FIRST 2006
- : US Schools ban tag and soccer...
- : Back from Switzerland
- : Handling large volumes of email on a list
- : Gone Geocaching
- : Gone Geocaching
- : Things going on...
- : Google calendar
- : Expert
- : Formal education
- : Programmer vs. coder
- : Just a few thoughts I had today
- : Fear of $topic_du_jour
- : Site downtime
- : What are your six sites?
- : What do I want to be when I grow up?
- : What do I want to be when I grow up?
- : Dijkstra
- : Re: Procrastrination
- : Education vs. Training
- : VMware giving away their server product
- : Nice Slogan...
- : New theme
- : Google chat
- : Google chat
- : Proven technology
- : AIRT at FIRST 2006
- : Some snow
- : So quiet,....
- : On Darknets...
- : Technorati
- : Trackbacks switched on again
- : Irritating ring tones
- : Opening pages in Firefox by pasting a URL
- : Do not speed in South Carolina
- : Welcome to the South!
2005
- : Globetrotter
- : Daylight savings
- : The Internet is Shit
- : Security lecture
- : www.leune.com
- : Feeling old
- : Security lecture
- : Removing red eye with Gimp
- : Botnets
- : Video editing with Debian GNU/Linux
- : The Internet is Shit
- : Temporary lapse of reason
- : Re: Yay! The Once a Year Repave
- : Friggin' Windows
- : In the zone...
- : More warning labels....
- : Car seat
- : Running Microsoft Windows XP without services
- : Re: Biculturalism
- : There is always room for coffee
- : Optimus keyboard
- : Windows XP Lesson 1 and VMWare Workstation Lesson 1
- : Is the Internet getting safer?
- : I don't understand it
- : 2005 FBI CSI Report
- : Re: remote desktop
- : Windows XP Lesson 1 and VMWare Workstation Lesson 1
- : Windows XP Lesson 1 and VMWare Workstation Lesson 1
- : House under attack?
- : Netherlands Air Force Open Days
- : Re: Is writing software for Windows just too damn hard?
- : Bigger is not always better!
- : RSS Reader: stand-alone, integrated in mail client or web browser, or fully web based?
- : Downgrading Debian GNU/Linux from unstable to testing
- : Google rocks!
- : Digitally signing messages with GnuPG from a PHP script
- : Enterprise discontinued...
- : Planting day
- : Applied quantitative research
- : Filed an intent to package of the PHP Pear RSS module with Debian
- : Snow in March
- : A valuable lesson
- : A new semester...
- : Ego, or destiny?
- : Setting up a Debian apt-source
- : Halloween in the Netherlands
- : Installing Debian GNU/Linux on a Dell GX280
- : Open-source vs. NDA
- : Leaving VATSIM
- : metar package released!
- : Mozilla Firefox eats Microsoft Internet Explorer