Penetration Test != Audit != Assessment

If someone is selling you a network penetration test, and then running a vulnerability scanner and handing you a report, you’re not getting what you paid for, period.

Formal Degrees vs. Certification

I’ve never been a fan of most certifications.  I’ve always been even less a fan of formal degrees in education, at least for technology-centric industries.  I’ve always argued that my body of work is my credential, and if a potential employer were to reject my application on the basis that I didn’t have a certain […]

DEFCON 16

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with its corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on […]

Configuring DNSSEC in BIND

DNSSEC, which I mentioned in my previous post about mitigation for Kaminsky’s recent DNS cache poisoning flaw, are the SECurity extensions for the Domain Name System (DNS). It essentially adds cryptography to DNS, allowing authoritative nameservers to cryptographically sign their zones and resource records, which in turn allows caching/recursive nameservers to verify them. This prevents […]