Things I Learned Last Week: 01/10/2011 – 01/17/2011

by kriggins on January 17, 2011


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else 🙂

Here are a few links if you'd like to skip to a particular part of the post.

Infosec Stuffs
Non-Infosec Stuffs


Are you uncomfortable?

I am. On purpose.

We just got a new bed. The one we replaced was seriously showing its age. However, as with many new things, the replacement bed is a bit uncomfortable. You have to get used to it.

My body is used to being supported in a particular way at night. Even if it isn't the best for me, it is what I am used to. Moving to a new bed means change and change can be uncomfortable. However, within a few nights, I will be resting easier and waking up feeling like I slept on clouds, not like I endured a 7-hour wrestling match with a grizzly bear 🙂

Maintaining the status quo is not necessarily bad, but you probably aren't growing much by doing so. Stretch your boundaries a little. It'll be uncomfortable at first, but it'll be better for you in the long run.

Infosec Stuffs

You Say Potato, I say False Positive

Shrdlu put up the blog post below that takes to task the way some penetration and application security test reports end up looking. The comments are also a very good read.

You say potato, I say false positive.

Client-side JavaScript Vulnerabilities

The folks at the IBM Rational Application Security Insider have published a white paper that takes a look at client-side JavaScript vulnerabilities. What they found is not pretty. They tested 675 websites, including the sites of all 500 Fortune 500 companies. Here are a couple of statistics to whet your appetite:

  • "...about 14 percent (98 sites) of the 675 sites suffer from many severe client-side JavaScript issues..."
  • "...research also showed that 38 percent of the vulnerable sites suffered from these vulnerabilities as a result of using third party JavaScript code..."

The rest of the paper is well worth the time spent reading it.

Close Encounters of the Third Kind

Non-Infosec Stuffs

A Branding MAD Lib

My friend Mike Murray has written a neat post about branding. Not branding as in red hot irons causing permanent disfiguring scars, but branding as in what do you want to be known for? It's an interesting exercise that you should take a shot at.

A Branding MAD Lib


That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

