Archive for January, 2008

Buy-outs?

Whilst mergers and acquisitions were popular in other industries a year or two ago, it looks like 2008 could be the year of security testing acquisitions. HP recently bought out SPI Dynamics and their flagship product WebInspect. Meanwhile IBM bought Watchfire. It looks like the big boys want to play in the security industry.

Sears taking web analytics a little too far…

A growing trend in websites is web analytics. This can monitor user activities to indicate what gets used and what doesn’t. Google has its own analytics package. These days you really should throw on a proxy to see what is happening. You have to be careful. Evidently Sears had a little Christmas spyware surprise through this technique.

Full-Disclosure Circles

It's been a week now since emailing the vendor a vulnerability that could potentially be used to break into 20,000+ sites.

Still waiting for a fix…

My original ramblings can be found on WithDK.com.

Online Polls - Trust them?

Happy new year to you all!

Do you like online polls? How reliable are they? Well, here’s an old story that is still pretty relevant today. Back in 1998, People magazine introduced an online poll for the “most beautiful people in the world”. Naturally, the likes of Leonardo DiCaprio and Kate Winslet were on top. However, somebody introduced Hank Nasiff Jr (a.k.a. Hank the Angry Drunken Dwarf) as a candidate. Hank appeared on the Howard Stern Show, Howard Stern asked his listeners to vote for Hank, and the rest is history. Note that back then the Internet was not security intensive and it was easy for users to produce multiple votes by simply removing a cookie. Word got around to newsgroups (e.g. alt.fan.Howard-Stern) and a couple of other celebrities not primarily known for their beauty did well as a result, including legendary wrestler Ric Flair (from rec.sports.pro-wrestling) and They Might Be Giants keyboardist John Linnell.

There was slight controversy in that after the online poll, People magazine didn’t want to put Hank on their front cover for winning the .

So can you still get a little hanky panky in your results? Remember, a poll is only as good as the users who take part. You should give users more credit; they can find ways of screwing things up easily. So anything where they can enter any piece of data is bad. An online poll of “yes” or “no” is likely to be safer.
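
To make the two points above concrete (a duplicate check that lives in a browser cookie, and free-text candidates), here is an added example that is not part of the original post. It puts a 1998-style poll next to one with a fixed choice list and a server-side duplicate check. The class names, the `account_id` voter identifier and the key are assumptions for illustration; the post does not say how voters should be identified.

```python
# Added example, not from the original post. All names are hypothetical.
import hashlib
import hmac

CHOICES = {"yes", "no"}                # fixed allow-list: no write-in candidates
SERVER_KEY = b"constructed-demo-key"   # constructed sample secret


class CookiePoll:
    """1998-style poll: free-text candidate, duplicate check held by the browser."""

    def __init__(self):
        self.tally = {}

    def vote(self, candidate, cookies):
        if cookies.get("voted") == "1":   # gone as soon as the user removes the cookie
            return False
        self.tally[candidate] = self.tally.get(candidate, 0) + 1
        cookies["voted"] = "1"
        return True


class ServerSidePoll:
    """Closed choice list, duplicate check keyed on a server-held voter id."""

    def __init__(self):
        self.tally = {c: 0 for c in CHOICES}
        self.seen = set()

    def vote(self, choice, account_id):
        if choice not in CHOICES:         # reject anything outside the list
            return False
        # Keep a keyed hash of the voter id rather than the raw id (assumed design).
        token = hmac.new(SERVER_KEY, account_id.encode(), hashlib.sha256).hexdigest()
        if token in self.seen:            # state lives on the server, not the client
            return False
        self.seen.add(token)
        self.tally[choice] += 1
        return True


def demo():
    weak, strong = CookiePoll(), ServerSidePoll()
    for _ in range(3):                    # one person, empty cookie jar each time
        weak.vote("write-in candidate", cookies={})
    results = [strong.vote("yes", "user-1"),                  # accepted
               strong.vote("yes", "user-1"),                  # duplicate, rejected
               strong.vote("write-in candidate", "user-2")]   # not on the list
    return weak.tally, strong.tally, results
```

The second poll is only as strong as whatever backs `account_id`; if accounts can be created freely, the duplicate check is no better than the cookie.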
