Kenneth van Wyk

I’ve said here before that, “I’m more secure on a Mac than I was on Windows.” But now we have a couple new(ish) kids in town: Windows 7 and Snow Leopard. It’s time to see if that statement still holds true. Well, after using Snow Leopard for a few months, and taking Windows 7 for […]

“Twitter is insecure. Twitter is the root of all evil.” Right. Much has indeed been written about Twitter’s security – or lack thereof– in just the past couple of months. In taking in what others have to say, though, I can’t help but think it’s being unfairly attacked. Let’s take a fair and objective view […]

I upgraded last month from Windows 1.0 to Apple’s OS X. OK, I didn’t really, but it sure felt like I did. Transitioning from a Blackberry 8800 to an iPhone 3G felt a big of a leap forward, from a user interface perspective. But what about the security of my information? All right, it’s no […]

Love them or hate them; social networking sites are here to stay. And your users are going to find ways to use them from home, from work, from smart phones, from shared computers, or from anywhere else they care to. The whipped cream is out of the can. Now what can we do about it? […]

Wireless security has been getting pushy recently. But seriously: Do you think we’re more secure? What caught my eye was a headline about a mobile phone provider pushing a security update out to its customers. The wireless folks refer to this as an over the air (OTA) update. It certainly made me stop and think […]

We’re bombarded with news of security breaches, security vulnerabilities, and products that aim for some arguably novel approach at stopping something bad from happening to us. That’s why it’s so refreshing to see positive input – and for free, at that — that rises above the “badness parade” and gives you real actionable tips to […]

[Editor’s note: Kenneth van Wyk is credited by the SANS Institute as one of the people who made substantive contributions to compiling the Top Error list.] Last week the SANS Institute and MITRE together published their CWE/SANS Top-25 Most Dangerous Programming Errors list. Ta dah! Wow, that “ta dah” didn’t have the public impact I […]

There’s a gold rush going on out there before our eyes. What, you haven’t noticed? Perhaps you’ve been too busy watching the gloom and doom on Wall Street and Main Street. But it’s there, mark my words, and there are security risks aplenty to be found. Give up? It’s mobile applications—primarily on Apple’s iPhone/Touch, but […]

Penetration testing is as popular as ever, yet it continues to miss the mark. As a means of validating the security of an application system, it fails miserably on several counts. I continue to find organizations that make extensive use of penetration testing as their primary means of security testing systems before they go live, […]

When did we forget about the users? At some point, it seems to me that the security community simply forgot about the users. I want to know why. Many people believe—perhaps with good reason—security is simply an inhibiting function, preventing our users from doing what they feel they need to. They say they want to […]