Jan 04 2008
About
My name is Martin McKeay, and I started blogging about security in August of 2003. I was in a job where I had plenty of free time and SSH access to my home servers. I took up blogging as a means to extend my knowledge and test my ideas about security by putting them up for peer review. Four years later and I’m still at it, so I must be doing something right.
I live in Northern California with a lovely wife and two intelligent, if challenging, young boys. I work as a Senior Consultant for Trustwave, specializing in PCI assessments, as do most of us in the company. I have a fairly regular podcast co-hosted by none other than Rich Mogull, Mr. Securosis himself. And I occasionally write for folks like Computerworld.
I can usually be reached via cell at 707.495.7926, or you can send me an email at martin at mckeay dot net.
Photo by Thomas Hawk, CEO of Zooomr
Hi,
Love the podcast.
Was playing around with google and searched for
intitle:”index.of.secure”
Found:
Index of /secureIndex of /secure. Parent Directory. Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 …
http://www.mckeay.net/secure/ - 1k - Cached - Similar pages
Just thought I’d let you know….
D
P.S. Love the different music choices. Also Dualcore is suppose to have another CD out soon.
Your comment on the Societe Generale control failure is less than enlightening. You say
“…I don’t see how this could have been avoided,”
Are you just pulling our collective legs out here, or is that what you really think?
How about this?
1. Two factor authentication with hard security tokens (or biometrics), vastly reducing the risk of “stolen passwords” and/or “misappropriated the IT access codes”.
2. Daily (hourly) review of the overall risk position of the organization fed back to management directly from public sources, alarmed to specific limits.
I challenge you to demonstrate that these simple controls would not have prevented this catastrophe.
[...] About [...]
Nice picture.