Category: Articles

Thank you for flying Air Canada Mr. Rudd

About a month ago I had to fly to Ottawa to present at a conference. It was a short trip but I felt that I got a lot accomplished. A few weeks later my wife noticed my receipts and ticket stubs sitting on the kitchen table (as I am notorious for not doing my expense reports in a timely manner). To her surprise she noticed that my ticket stub for my flight from Ottawa to Toronto had the passenger name of Rudd on it instead of mine. This alarms me for a few reasons. Not only did I:

1) Check-in via the Air Canada website,
2) Show up at the ticket counter, have them ask for my ID, and have them issue me my ticket,
3) Go through the airport screening where they checked my ticket and my ID,
4) Have the attendant verify my ID and ticket before allowing me on the plane,

THEY ALLOWED ME TO BOARD WITH THE WRONG NAME ON MY TICKET!

Which really makes me wonder…what happened to poor Mr. Rudd? Maybe I just have a much more honest face than I thought.

Testing Adobe Flash Applications

I received, via the webappsec mailing list, an excellent presentation from Stefano Di Paola, of OWASP Italy, on Testing Flash Applications that I thought I would share:

During the 6th OWASP AppSec Conference in Italy, I presented research about testing for security vulnerabilities in Flash applications.

Abstract:
My work describes several security flaws in Flash Applications and bad habits in ActionScript coding, by analysing real world swf applications flaws and potential vulnerabilities that could lead to client side attacks. A new kind of attack called Cross Site Flashing is also explained.

Blog Entry:
http://www.wisec.it/sectou.php?id=464dd35c8c5ad

Pdf Version:
http://www.wisec.it/docs.php?id=5

Swf Version:
http://www.wisec.it/docs.php?id=6 – Don’t worry…it’s safe.

It’s quite in depth and is worth a read by anyone who anticipates Flash applications to turn up in their auditing or testing.

Follow-up From a Company, Its CTO, and his people…

On my Suggested Blog Reading – Tuesday May 1st, 2007 post I received a rather pleasant note from Pravin Bhagwat, Chief Technology Officer of AirTight Networks, defending the AirTight technology that was slammed by David Maynor in his blog post here.

Not only did I receive the note but I also received a pleasant email from Della Lowe, Director of Public Relations for AirTight Networks confirming that I received the comment on my post. I was very impressed that the company, while running “damage control”, also took the time to track down the bloggers who mentioned the original article. Well done Google Alerts, I guess you’re not just for my vain self-searches anymore.

In my post I stated that David’s comments were a “good assessment” of the product’s capabilities. What I should have said was “good article but I’ll reserve judgment until I get a chance to try it myself.”

I’ve never been convinced that a wireless intrusion technology could work effectively but I’m certainly open to being proved wrong. Thank you AirTight for taking the time to contact the “little guy”….well maybe not “little”….I guess 6 foot 4, 300+ isn’t all that little 🙂
