by John

I was on a panel last summer, and I claimed that I felt the most significant impact of a data breach would be the harm it can potentially do to your brand. Working at a company with a very well established brand name, it is important to avoid anything that will degrade it. Loss of brand is somewhat of an intangible, but can mean a loss of market share and a loss of consumer confidence. It’s hard to think of a business where data loss or a security incident made public wouldn’t have some effect. This graphic from Ernst & Young seems to underscore that.


by John

Ho! Ho! Ho! Fool!

It’s been a banner month at the ol’ Bill Gates household. Santa has snuck down the virtual chimney and put all kinds of unwanted presents under our Christmas tree of security! Despite the downturn in the economy, this is the BEST Christmas in five years! Microsoft offers up patches for 28 security vulnerabilities (23 of them critical) for all the good little girls and boys!! Get out there and update your PC systems soon! Even we Mac users are lucky enough to have security updates for Microsoft Office. Read the Microsoft Security Bulletin here.


by John

My podcast interview with Mandeep Khera at Cenzic is now online. This was from a series of interviews Mandeep had with security professionals at the Black Hat 2008 conference, in Las Vegas, Nevada this summer. He asked me what my concerns were when it came to application security. I gave him a piece of my mind.

[Visit the Cenzic site for “Application Security Mythbusters” and hear the podcast!]


by John

Well, the month of November has whizzed by! This last week I’ve been preoccupied with an emergency migration off our legacy server (in a friend’s sock drawer in Virginia) to It was fairly smooth, once I got all the files transferred. Out of the couple of GB of data, there were about 60,000 files, it appears. It took a few days of checking and editing to find and fix all the broken links due to the case-sensitivity of Linux. Now that it’s done, I feel that these twenty sites are a lot faster, and I can rest assured that the site will always be accessible and live. (** The nTelos DSL option was cost effective for the past decade, but week-long outages and recovering from hard drive crashes have been just too time consuming, so it is very nice to now have business-class hosting/email services for $12.95/month!)
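The case-sensitivity problem described above (links that worked on a case-insensitive host but 404 once the files land on Linux) is easy to hunt for mechanically rather than by hand. The script below is an added example, not the author's own tooling: it builds a small constructed sample site in a temporary directory, scans every `.html` file for relative `href`/`src` targets, and reports each link that has no exact-case match on disk, along with the on-disk name that differs only by case when one exists. The file names and page contents in `build_demo_site` are made up for the demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Captures the value of href="..." / src="..." attributes; stops at a fragment
# or query string. Good enough for hand-written static HTML, not a full parser.
LINK_RE = re.compile(r'(?:href|src)\s*=\s*["\']([^"\'#?]+)')


def _lookup(base, rel_parts, case_sensitive):
    """Walk rel_parts (path components) under base directory.
    With case_sensitive=True this mimics a Linux filesystem; with False it
    mimics the case-insensitive behaviour the old host relied on.
    Returns the resolved Path, or None if no (unique) match exists."""
    cur = base
    for part in rel_parts:
        if part in ("", "."):
            continue
        if part == "..":
            cur = cur.parent
            continue
        if not cur.is_dir():
            return None
        if case_sensitive:
            matches = [c for c in cur.iterdir() if c.name == part]
        else:
            matches = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        if len(matches) != 1:
            return None
        cur = matches[0]
    return cur


def find_case_broken_links(site_root):
    """Return a list of (html_file, link, suggested_fix) for relative links
    that do not resolve exactly. suggested_fix is the real on-disk relative
    path when a case-only mismatch exists, or None when the target is
    genuinely missing."""
    root = Path(site_root)
    problems = []
    for html in sorted(root.rglob("*.html")):
        text = html.read_text(encoding="utf-8", errors="replace")
        for link in LINK_RE.findall(text):
            # External, mail, root-absolute and fragment links are out of scope here.
            if "://" in link or link.startswith(("mailto:", "/", "#")):
                continue
            parts = link.split("/")
            if _lookup(html.parent, parts, case_sensitive=True) is not None:
                continue  # resolves as-is on Linux, nothing to fix
            actual = _lookup(html.parent, parts, case_sensitive=False)
            fix = None
            if actual is not None:
                fix = os.path.relpath(actual, html.parent).replace(os.sep, "/")
            page = str(html.relative_to(root)).replace(os.sep, "/")
            problems.append((page, link, fix))
    return problems


def build_demo_site():
    """Constructed sample site (not the author's files): an index page whose
    links disagree in case with the files on disk, plus one truly missing file."""
    root = Path(tempfile.mkdtemp(prefix="casecheck_"))
    (root / "Images").mkdir()
    (root / "Images" / "Logo.GIF").write_bytes(b"GIF89a")
    (root / "about.html").write_text("<html><body>About</body></html>")
    (root / "index.html").write_text(
        '<a href="About.html">About</a>\n'              # wrong case: about.html
        '<img src="images/logo.gif">\n'                # wrong case in dir and file
        '<a href="about.html">Fine</a>\n'              # exact match, OK on Linux
        '<a href="missing.html">Gone</a>\n'            # no candidate at all
        '<a href="http://example.com/x.html">Ext</a>\n'  # external, skipped
    )
    return root


if __name__ == "__main__":
    site = build_demo_site()
    for page, link, fix in find_case_broken_links(site):
        if fix is None:
            print(f"{page}: '{link}' is missing entirely")
        else:
            print(f"{page}: '{link}' should be '{fix}'")
```

Run it against a real document root by replacing `build_demo_site()` with the path of the transferred site; links that report a `fix` can be corrected with a search-and-replace, while the `None` entries are the ones that need a human to decide whether the file was lost in transfer or the link was always dead.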

Now that the websites are running, I realize I haven’t blogged in a while, so I will try to catch up on writing along with scanning in photos from 1992-2006 photo albums. I am currently trying to get a “Tour of Santa Fe” posted, and I will work through the various “travelogue” sets from, and my favorite photo sets (Outer Banks trip, RSA Conferences, etc.). Getting all my pictures uploaded and ordered will take time, but it will be very nice to have hi-resolution, edited and tagged photos online. It is pretty easy to keep up with new (digital) photos, but editing old, fuzz-covered photos from my younger, wilder days can be VERY time consuming. If you visit my Flickr, you will see quite a diverse range of pictures. Eventually I will back-date them to the correct chronological order and maybe create another account just to showcase my favorites.


by John

I am in the process of migrating my domains to “”. I am finally moving my server to the “cloud”, and I’ve been pretty impressed so far. However… the ISP that our old server is on decided to make a DSL change over the weekend, so until next week all my old blogs and portions of some domains won’t be accessible.

I am redirecting my NULL SESSION blog here, for a few days. If you want to know how things are going, or what I’m watching on TV, check me out on Twitter (nullsession).


by John

I was caught off-guard today by the announcement that the RSA Conference submission deadline is coming up in a week! I need to decide if I will submit any of the successful (interesting? timely?) projects I have worked on in the past year for consideration. I would love to present at the April 2009 conference in San Francisco. I was sick this past year, and kind of bounced around dosed up on Nyquil all week!

Besides this great conference, I was involved in the Black Hat 2008 conference in Las Vegas this past summer. It was good to serve on a panel for the executive briefings. So, if I can’t get a paper submitted (my employer isn’t always keen on discussing projects publicly), maybe I will be able to serve on a committee or panel. I was on the RSA Conference organizing committee this past year, and it was a great experience.


by John

I bought some new coffee last week, and I’m on this kick at work of making a no-sugar, heavy-on-the-cream coffee (my own latte)… so, I did the same at home today. I found an old 52-ounce mug and filled it with ice and coffee… pretty quickly it was all gone. I now have a really wicked caffeine buzz going on. Wow!


by John

Isn’t this the typical way everyone starts off their blog?

“Hello, World!”
