Misstep 27: Keys to the Kiosk

Kiosk with Exposed Wiring, Systems

Today, we’re going to take a look at a little piece of automation. Many folks see self checkouts in their grocery store, but my local hardware store uses these kiosks for something else. These are near the customer service area, and allow people with returns to swipe their credit card, and enter a UPC to […]

Misstep 26: The Keylogger that Couldn’t

Windows 98 Login Screen

Today, I take you back 20 years to the year 2000 — I’m in high school now, taking a Visual Basic programming course. By this point, I had already been building applications (such as key loggers, spamming tools, and music players). The keyloggers were to capture keystrokes and trigger “hacks” or “mods” in games, not to […]

Misstep 25: Pet Your Cat74

Who here is a legit paper towel thief? Because I have the connection to a Washington DC-area restaurant that has lax enough security measures to allow this! The Misstep The Key. The Solution This is a really stupid misstep this week, but it segues into something else — security awareness. Sure, the employees left […]

Misstep 24: What an Impression

Here we are, in an elevator riding up to our hotel room. I’m not a firefighter, in fact — the closest I’ve come is putting out a campfire with a hose. But for some reason, this tubular lock caught my attention. Maybe it is because some companies use the elevator floor restrictions as a security […]

Misstep 23: Rock Music to Robber’s Ears

My primary line of business at work is application security. I spend hours a week poring over various CWEs over at https://cwe.mitre.org/, reading about how companies have been breached, and other security information. It’s important to me to know very much what my company’s competitors are doing in the industry, and what is affecting those […]

Why the Irish Make the Best Pentesters

Who do you think of first when you hear O’Leary, O’Connell, O’Neill, and O’Brien? The Irish! For folks with names that have an apostrophe (‘), have you ever been asked to remove it from a username field, email, or otherwise? Let’s Talk Structured Query Language (SQL) The vast majority of websites use databases that are […]

Misstep 22: I’ve Got the Power

This week, we’re in the District of Columbia — the nation’s capital! We’re here to chat about juice! The Misstep If I wanted to deploy some sort of technological apparatus to attack networks, spread malware, etc — I’d certainly need a power source. I could seek out a solar panel that would generate enough for […]

Misstep 21: Shim Shimmity

You can easily tell how far ahead I am in my security blogs, considering this is scheduled to post in early April and there’s a Christmas Tree ornament hanging from this cabinet, but I digress. The Misstep This lock doesn’t even try to fit these knobs; it can easily be moved around to get over […]