Author Archive
New Frontiers in Hacking
Just when you thought it was safe to have a device implanted in your body to deliver electric shocks to your heart, there’s this:
A Heart Device Is Found Vulnerable to Hacker Attacks [Barnaby J. Feder, NY Times]
It turns out that the risk of someone actually hacking a pacemaker is rather small, since the researchers were [...]
I’m officially a CISSP
I’ve been meaning to write a post about passing the CISSP exam, but the time to do so has eluded me, until now.
I received the results of the CISSP exam on October 11th, four days after I took the test in New York City. Naturally, I was thrilled, and posted as such to the [...]
Onward to the CISSP
Well, there’s no turning back now! I finally scheduled my CISSP exam.
That’s not to say I can’t reschedule, but I’m going to pretend that’s not an option so I don’t deviate from my study plan. When I study for an exam I tend to go all out, so I’ll be reading (or [...]
Time to dump your cell phone carrier
I haven’t had too much use for FreeConference.com, at least not so far. I only tried it once to get an idea for how it worked, but I never needed to hold a large conference. After all, I’m not on the list (at least not yet). As far as I can tell, it’s a great [...]
Should we worry more about insiders or outsiders?
I’ve been having a little bit of a debate with a colleague of mine. Walking into an environment with only the most basic security measures in place (patch management, AV, moderately restrictive firewall policies), where should you focus your time? Obviously, the complete picture needs to be dealt with, but would you spend [...]
CompUSA memories
Reading this post by Ryan Block brought back memories, both good and bad, about my own experiences working at CompUSA. I would consider CompUSA my first job in “IT,” even though the majority of it was so far removed from anything technical it barely qualifies. However, it was my first real exposure to [...]
Jury Duty
I had to perform my civic duty recently, and answer a summons for jury duty at my local courthouse. Not many people are excited by this invitation, and I was no exception. In fact, I had already used up my one automatic postponement, so I knew I wasn’t getting out of it.
First impressions: security at [...]
WordPress Remote Code Execution - Upgrade NOW!
Over the weekend, there was a notice about a security exploit that was inserted into the install files for WordPress 2.1.1. Care to guess what version of WordPress this blog was running? Don’t worry, I wasn’t about to volunteer that information until I actually had the upgrade taken care of. Upgrading WordPress [...]
Family Security Series
The Family Security Series, by Michael Santarcangelo (aka The Security Catalyst), was launched on Friday. In case you missed it, here was the invitation video:
http://www.youtube.com/watch?v=1h5CUUar19U
To view the first episode of the podcast, go here:
Episode 1: Operating System and Application Updates
I’m interested to see the feedback to this series, because I am one [...]
Training Options
I have been given the opportunity to attend a few training courses. Of course, not having been given this option by an employer before (aside from the occasional book or CBT), I want to make the most of it. As a predominantly self-study type of person, I’m not really sure what constitutes a good instructor-led [...]
DST Update
Unless you missed the memo, you’re probably already aware that due to the Energy Policy Act of 2005, the Daylight Savings Time change will be occurring 3 weeks earlier this year in the US.
Wikipedia article
If you did miss the memo, you’ve got some catching up to do. Virtually every device and every operating system [...]
Welcome
Welcome to my blog. My name is John Biasi. I am a security professional, and I hope to use this blog to help advance the discussion of Information Security, and to increase security awareness as well. I’m not too sure what form this blog will take at this point, but I will [...]
