Misstep 30: How didn’t this register?

Keys left in register

Are we really at the 30th misstep blog? This is crazy, since it was just a fluke of an idea… And here I am on Feb 19th writing posts that won’t even drop until mid-June. I hope you’re enjoying the series as much as I am while I find these and write about them. I […]

Misstep 29: Easier Than Cloning People

I’ve talked about bar codes in the past, but usually it was an exposed bar code — not so much about a reader. Barcodes: Are easily readable and reproducible by machines Are difficult to “rotate”, that is, change them when they are used Contain parity bits to make reading them more consistent when they are […]

Misstep 27: Keys to the Kiosk

Kiosk with Exposed Wiring, Systems

Today, we’re going to take a look at a little piece of automation. Many folks see self checkouts in their grocery store, but my local hardware store uses these kiosks for something else. These are near the customer service area, and allow people with returns to swipe their credit card, and enter a UPC to […]

Misstep 26: The Keylogger that Couldn’t

Windows 98 Login Screen

Today, I take you back 20 years to the year 2000 — I’m in high school now, taking a Visual Basic programming course. By this point, I had already been building applications (such as key loggers, spamming tools, and music players). The keyloggers were to capture keystrokes and trigger “hacks” or “mods” in games, not to […]

Misstep 25: Pet Your Cat74

Who here is a legit paper towel thief? Because I have the connection to a Washington DC-area restaurant that has lax enough security measures to allow this! The Misstep The Key. The Solution This is a really stupid misstep this week, but it segues into something else — security awareness. Sure, the employees left […]

Misstep 24: What an Impression

Here we are, in an elevator riding up to our hotel room. I’m not a firefighter, in fact — the closest I’ve come is putting out a campfire with a hose. But for some reason, this tubular lock caught my attention. Maybe it is because some companies use the elevator floor restrictions as a security […]

Misstep 23: Rock Music to Robber’s Ears

My primary line of business at work is application security. I spend hours a week poring over various CWEs over at https://cwe.mitre.org/, reading about how companies have been breached, and other security information. It’s important to me to know very much what my company’s competitors are doing in the industry, and what is affecting those […]

Why the Irish Make the Best Pentesters

Who do you think of first when you hear O’Leary, O’Connell, O’Neill, and O’Brien? The Irish! For folks with names that have an apostrophe (‘), have you ever been asked to remove it from a username field, email, or otherwise? Let’s Talk Structured Query Language (SQL) The vast majority of websites use databases that are […]