Look too much into the Sun (Tzu) and you will be blinded

You can’t go to a security conference nowadays and not hear at least 700 references to Sun Tzu and his writing, The Art of War. And how important and relevant that book is to the world of Information Security. But let’s not limit our focus to the InfoSec guys. Life coaches (whatever they are) are abusing… Continue reading Look too much into the Sun (Tzu) and you will be blinded

http vs https performance

A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication… Continue reading http vs https performance

Techniques to play with custom and encrypted protocols

An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrik Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients… Continue reading Techniques to play with custom and encrypted protocols