Security's Everyman

Monday, September 24, 2007

Where has the time gone?

I can't believe that I only posted one thing last week. The 2 or 3 weeks prior to that weren't much better either. I haven't been overly busy, just nothing has caught my attention enough to blog about. My days at work have been full and my attention has been focused on several projects that I'm working on, but not any busier than usual. I guess it's a case of blogger's block.

I've another personal story of sorts along the same line as last week's "flat tire" post. This weekend I was turning onto a main road and went to wave at the car that let me in. As I waved, my hand hit the frame of the door and I dropped my new Blackjack cell phone. Of course the car behind me didn't see it and ran over it. :( Believe it or not it still works, sort of. The LCD screen is less than usable and people say that it has lots of static when I talk. So needless to say I'm looking for a new phone. I had to revert back to an old Nokia that I had from 2002. It only works on 850 band networks so at least I get coverage even if it's less than stellar.

Tomorrow I leave for Cincinnati, OH to spend a few days in Cisco training. I'm going to their MARS class to learn how to get the most out of it. I've got friends up there and am looking forward to spending time with them and catching up on all that's going on.

In terms of information security (I guess I should write something about it). :) XSS and CSRF have been dominating my thoughts lately. I'm not sure just how many sites, especially ones that are commonly used by me and those I know, are actually affected by these. I do know that lots and lots and lots and lots of sites are vulnerable and that bothers me. It bothers me because they still haven't been fixed and it bothers me because that means that there are lots of opportunities for them to get pwned and for others to get hurt by them. I've been reading Jeremiah Grossman, RSnake, and other sites about it. Jeremiah and RSnake did a good job of talking about them at BlackHat and on a webinar that was sponsored by WhiteHat Security. Paul and Larry of Pauldotcom Security Weekly have a really good discussion about it in episode 82 of their podcast. Then of course there is the latest news about the Google "Unholy Trinity" that was made public today. I haven't had time to really delve into it, but I hear that one of the affected things is their poll plug-in for Blogger. So I'm not going to put out a poll this week just to be safe.

Well, I'd better get to packing for the trip. Hopefully this will clear my mind and refresh my blogging spirit so I can get back to regular posting.

