Web Admin Blog

Real Web Admins. Real World Experience.

Entries for the ‘Security’ Category

Why I’ve Lost All Faith in Verkada

About two years a sales rep from a company called Verkada reached out to me to evaluate their approach to physical security monitoring for our campus. While our physical security isn’t under my team’s purview, it’s something I’ve always been interested in and we’ve helped to advise the facilities team responsible for it in the […]

Completing the LASCON 2018 Badge Game

The LASCON Badge Game was back in 2018 and the feedback I received was that it was the best one so far. It started out with the following QR code on the back of the badge: Following that QR code took you to the URL https://pastebin.com/J61kDSe2. Viewing that URL gives you the following: V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSF= V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSE= […]

Completing the LASCON 2017 Badge Game

For those who don’t know, every year I put together a game that starts on the back of the LASCON badge.  It’s typically some combination of crypto challenges alongside application security vulnerabilities with the goal of having it take somewhere around 1-3 hours, depending on experience, to complete.  Those who complete the game are rewarded […]

Completing the BSides Austin 2016 Mini-CTF

The BSides Austin 2016 Mini-CTF began with the back of the badge.  There was a large QR code which took a very long time for me to scan with my phone, and when I finally got it, it was just the numbers “07263584”.  Not very useful.  Below that, however, there was  a string of letters and […]

What Powerball, Poker, and SimpleRisk Have in Common

With an estimated Powerball Jackpot of $1.5B, everybody is talking about it right now.  I’ve got my tickets, but with a prize that big, I’m having an easier time listing the things that I can’t buy with the money, rather than what I can.  That said, I keep coming back to a concept that statisticians […]

The OWASP Board “Ivory Tower” Dilemma

I have been an active member of the OWASP community in some form since 2007.  I’ve been the OWASP Austin Chapter Leader, served as the Chair of the Global Chapters Committee, and, most recently, was elected (and re-elected) to the OWASP Board of Directors.  In the past, I have heard a number of people in […]

Fixing when crashplan won’t start anymore on your Drobo

Even though the Drobo is supposed to be a pretty rock-solid tool for backing up your files, there are still plenty of reasons why one would want to keep a copy of those files elsewhere just in case.  For example, what would happen if there is a fire and your Drobo is damaged.  Are you […]

Why You Shouldn’t Phish Your Users

As an Information Security Program Owner, I get a barrage of e-mails and phone calls multiple times a day from vendors looking to sell us their latest hotness security product.  Between the e-mails, phone calls, expo floor at BlackHat this year, and several talks that I’ve seen at past conferences, I have noticed a disturbing […]

My First Six Months as an OWASP Board Member

When I first put my name in the hat for the OWASP elections in the fall of 2013, I thought I knew what I was signing up for.  I thought that my seven year history with the organization in a number of different roles (Chapter Leader, Chapter Committee Chair, AppSecUSA Chair) had me well prepared […]

When an “Enterprise” Product Isn’t Enterprise Ready

I absolutely love my job and one of the coolest things about what I do is getting to do proof-of-concepts with bleeding edge technology.  I feel very privileged that many companies out there respect me enough to provide me with these opportunities and I feel that engaging on this level enables me to be a […]