When creating a new account for yourself, either at your employeer, on the Internett in general or for your customers, you should in theory adhere to some best practice rules such as creating a strong password. That is: – Above 20 characters – A variety of special characters – No sentences, they alone can quite […]
Author: Chris Dale
I'm Chris Dale from Norway, founder and principal consultant at River Security (https://riversecurity.eu/). Along with my security expertise, I have a background from system development and application management. Having a vast and broad experience in IT certainly help a great deal when working penetration tests and incidents.
I am an open, sharing and engaging person to be around, some even think I'm funny. I am usually enthusiastic and motivating when I work, and usually positive and optimistic about the general problems I encounter. I am passionate about security, both IT and physical security, which is one of the reasons I do a lot of public speaking at different events such as classes, conferences and workshops.
Driven by mottos such as "Magic is just science we don't understand yet" and "Think bad, do good", I attack today's security challenges with eagerness and enthusiasm. I consider myself a pragmatic person, with the ability to think outside the box, keeping the business in focus.
I also teach for SANS. My primary class I am teaching is Hacking Techniques, Exploits & Incident Handling. This course prepares you for the GIAC Certification in Incident Handling (GCIH). I find it extremely motivating and fun to teach others the art of security and hacking, and I often find that my passion and enthusiasm rubs off on my students.
I found a security vulnerability, how do I disclose it?
I get different people approaching me all the time regarding this question; how do you disclose security vulnerabilities? In this post I’ll share my thoughts on the subject. First of all, you should probably stay away from researching vulnerabilities on-line, wihtout permission. Your hat will quickly turn to shades of grey, and suddenly black before you […]
15 solid tips on producing good documentation
Documentation has been very dear for me for a long time. The usefulness and importance of documenting is just so immerse! In this post I’ll take a chop on some of my thoughts on documenting. Keep it simple stupid. Documentation should be brief and to the point. Do your best in having economy of words, […]
How to Password Reset
A lot of companies and organisations does not do password resets properly today. Here is a recipe on how to do it securely. User enters the login page. This must be loaded over HTTPS. User clicks the “Forgot password” button. The user must then supply something unique to the user, e.g. email or username. The backend […]
LinkedIn Phish – Investment Proposal
Today I received the following message from a LinkedIn contact: Greetings, I hope all is well with you, please review this recommendation for an investment opportunity which am considering a partnership with you if you’re interested. I hope that the reasons for this investment, which are alluded to in more details in the enclosed document( […]
News anchor challenged me to hack his Facebook account – Did he regret his decision?
I was privileged enough to be interviewed on Norwegian breakfast TV Saturday morning. The reporter had asked me to try hack his Facebook account the day before. Do you think he regret his decision? Here is the clip: – Norwegian (original): www.tv2.no/v/867173/ – English: https://www.youtube.com/watch?v=JhMpjSiqq5s (turn on subtitles)
Finding Zero-Day XSS Vulns via Doc Metadata (+ WordPress 0day)
I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days. I hope you enjoy it.
Patch for BadUSB
Go, go, go… Install this ASAP for quick and immediate patch.
SQL Join types explained with 1 picture
Venn diagrams are often over-used, however in this scenario it is a truly perfect fit for explaining SQL Joins. If you ever wonder how a join works or which join you should use, take a look at this picture: [important]Credits to CL Moffatt for creating this picture: http://www.codeproject.com/Articles/33052/Visual-Representation-of-SQL-Joins[/important]
Protected: Easter Challenge – The mystery of the missing Easter Bunny
There is no excerpt because this is a protected post.