Security on

Engineering is a Discipline, Not Just a Prompt

Wed, 15 Apr 2026 11:08:00 +0000

The Digital Archaeological Dig

I recently assisted a friend with a codebase that felt like a digital archaeological dig—a chaotic mixture of Python versions and conflicting modules. The modern instinct was to upload the lot to an LLM to “fix” everything.

The result was absolute carnage.

No version control or history meant “editing on master” in real-time.
More time spent reversing AI “improvements” than fixing the original bug.
A stark reminder: tools are getting smarter, but engineering discipline is becoming a rare commodity.

The Return of the Artisanal Mess

This mirrors the “artisanal” FrontPage websites of the late 90s. A lower barrier to entry does not guarantee higher quality output.

Ring Doorbell Security

Sun, 24 Jul 2016 09:54:55 +0000

The Ring Doorbell has been invaluable as we travel the world. The reactions of people are often times pretty funny as the doorbell they just pressed begins talking to them and asking them to do some action in our absence. Even over our very low-bandwidth WiMax link it is usable. The most annoying part of the device, until now, is that our dog Bentley goes crazy when the device rings the multitude of devices. Even when we are abroad if he hears the phone notification he goes ballistic instinctively knowing someone is in his yardfrom a few hundred/thousand miles away.

Withings Home Camera Review

Sun, 08 Feb 2015 12:26:50 +0000

I am always in search of products that help me automate and secure my home. I have run a mix of Foscam, D-Link, and Panasonics cameras dumping to a Linux server for the longest time, but it was clunky and not without its horrendous maintenance. Additionally the cameras, as aptly pointed out by Wife, were less than aesthetically pleasing.

iPad Mini – an agnostic mobile user review

Mon, 24 Mar 2014 08:59:27 +0000

If you glance around my computer museum (I mean office) you will see the following mobile devices:

WebOS
Maemo
Android
PalmOS
Blackberry (no 10 devices yet)
WinCE (don’t ask)

And up until a few years ago many an iOS device scattered around. Part of my job is learning what the latest and greatest is capable of and implementing for my customers. It was after helping one of them recently that I realized my iOS knowledge was becoming a little dated and as such I found myself in the Schiphol Airport paying way too much for a Retina iPad Mini 32GiB.

Sun, 19 Aug 2012 17:31:17 +0000

—- Cross Post from the Spec Ops Technology Blog —-

Spec Ops Technology prides itself on taking difficult problems and providing practical engineering solutions. Quite often this real world experience is born of a real world problem we personally faced. There is a passion we look for in our engineers that breeds a team that, by nature, develops creative fixes.

As the United and Lufthansa ticket counters can attest, I spend a lot of time on the road. In today’s connected world I depend on a secure and platform agnostic internet connection. There a few major hurdles that make this difficult:

Verified Accounts or “Don’t let your friends steal your name”

Sun, 22 May 2011 16:07:53 +0000

I have a great friend (who may not agree with that “great” part after this) who refused to have a facebook page. I can’t disagree with the idea of being the part of the few left in America without one, but it has become somewhat of a joke with us.

Friend: Why didn’t you tell me?!

Me: I did tell everyone, via Twitter and Facebook

A few nights ago while we were chatting via Jabber I decided to play a little joke and create him a Facebook page.

My Home Burglary and what it means for your enterprise

Sat, 14 May 2011 12:30:42 +0000

My house in DC was broken into. More specifically my garage, which is behind my house, was broken into and a few things stolen. Other than the asshole move of keying my car, nothing of great value was lost. All the same the process got me thinking about my life as an InfoSec professional and the similarities of our homes to our enterprises. I will use my home as an allegory to how we handle our digital worlds and what I learned.

Tor != VPN – A Simple Explanation

Tue, 22 Feb 2011 10:17:34 +0000

Shameless exploit of meme I know...

I can’t take it anymore! I lurk on irc.freenode.net and /r/netsec and have seen a few too many mornings now that some person is safe, they used Tor. There is a big misunderstanding in what Tor actually does and protects. Here is my log in the fire to help explain the technology. Lets start with the basics…

Geolocation and Force Protection

Sun, 20 Feb 2011 22:56:55 +0000

OMG THIS DUDE IS AT THINK COFFEE!

Sometimes we get a little too focused in on what the root of a vulnerability is. I find myself thinking this a good bit with the advent of geolocation tagging and “check-ins” as the security world runs around with hair on fire.

Rather than accept that our tools and users will be GPS connected and tracked, we take the extreme of labeling it all bad. By doing so we have removed what is a valuable tool to our folks. We can all agree that geolocation unfettered is a bad idea, but can’t we agree that geolocation in and of itself is not?

The news of OpenID’s Death is greatly exaggerated

Mon, 31 Jan 2011 07:36:53 +0000

I am not one to get on the blog and add to the argument over some stupid post from another tech pundit, but this one is too much to pass on. The reason I am tossing my hat in here is that I am now seeing SECURITY PROFESSIONALS adding to the crowd with the death knell of OpenID. Seriously?

Let me start with this example from my morning routine. I logged into my Facebook account with ClavID instead of the standard Facebook authentication mechanism. A little known Facebook feature is the ability to use OpenID providers to login instead of the email+password. I do this because ClavID supports secure multifactor authentication so instead of a simple user+pass, I have user+pass+token. Many of the websites I frequent support OpenID and in all of those cases I remove their ability to store my authentication information.