DRY Fiend (Conjuration/Summoning)

In 1st edition AD&D two character classes had their own private languages: Druids and Thieves. Thus, a character could use the “Thieves’ Cant” to identify peers, bargain, threaten, or otherwise discuss malevolent matters with a degree of safety. (Of course, Magic-Users had that troublesome first level spell comprehend languages, and Assassins of 9th level or […]

…And They Have a Plan

No notes are so disjointed as the ones skulking about my brain as I was preparing slides for last week’s BlackHat presentation. I’ve now wrangled them into a mostly coherent write-up. This won’t be the last post on this topic. I’ll be doing two things over the next few weeks: throwing a doc into github […]

RSA Europe 2012, ASEC-303 Slides

Here are the slides for my presentation, Mitigating JavaScript Mistakes Using HTML5, at this year’s RSA Europe. The goal is to show that the move towards more complex web apps demands more complex JavaScript, which in turn creates more potential for security bugs. Yet rather than audit every line of deployed JavaScript, we can apply controls […]