Posts

Showing posts from August, 2012

AppSec USA – Register Now!

AppSec USA – Register Now! :

What: AppSec USA 2012
Where: Austin, TX
When: October 23-26, 2012
Website: www.appsecusa.org

AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. The conference features talks and sessions in the Application Security space including development, web application security, cloud security, DevOps, Open Source and OWASP tools given by the top speakers in the industry.

AppSec USA 2012 Training:

One-Day Training: Tuesday, October 23
No Crack Required: Cryptanalysis in Real-World Applications (Timothy D. Morgan)

One-Day Trainings: Wednesday, October 24
Elite Web Application Secure Defensive Coding Bootcamp (Jim Manico and Eoin Keary)
CISO Training: Managing Web & Application Security – OWASP for Senior Managers (Tobias Gondr...

Santoku Linux Mobile Forensic & Security Distribution

https://santoku-linux.com/   Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas. The alpha release is based on a fork of the OWASPMobiSec distro . The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted to support you in three endeavours: Santoku Community Edition is a pre-configured, bootable Linux environment. It can be run in Virtual Box or VMWare Player which are available free and run on Linux, Mac or Windows.  The download is large (3+ GB)  because it is a full .iso which contains a variety of packages, drivers, and applications. We strongly recommend you download on a fast connection with plenty of time (e.g. overnight). Mobile Forensics Tools to acquire and analyze data Firmware ...

From the Trenches – When to Break the 3-Minute Rule with Videos

From the Trenches – When to Break the 3-Minute Rule with Videos : I’ve been using videos for our dealership since 2009 when I saw a seminar by Jim Ziegler at NADA. I was very impressed and went back to Chicago and bought a video camera. Since then, we’ve put up over 2,700 videos on YouTube. The best practice of 3 to 5 minutes for a video is well known and has a firm foundation. But it’s not gospel. Let me explain. In my mind, for dealers, there are basically four kinds of videos that you can make for your dealership and varying lengths that are acceptable for them. Branding videos – very short, maybe 1 minute max. Conversion videos – 2-5 minutes True Walkaround Videos – 3-8 minutes Instructional Videos – whatever is necessary Branding Videos are basically advertising your store or product and services. Customers have a very low tolerance and acceptance for them because they are “push” marketing similar ...

Emulating Microsoft’s Metro Design Language

Emulating Microsoft’s Metro Design Language : Over the past few years, Microsoft has adopted its incumbent design language to a significant extent. Metro is the aesthetic basis of Windows 8; Microsoft’s next operating system shipping this October. Let’s take a look at what Metro is, how we can emulate some of its desirable principles and take a look at where it’s being used already. What is Metro? Metro is the name given to the design language used in Microsoft’s current and next-generation operating systems, including the upcoming Windows 8, the current Xbox 360 dashboard and in some of their websites. Aspects have already been evident in some of the company’s earlier work, back in Windows XP and the Zune. Microsoft’s design team have revealed that the language is partly influenced by public transport signs which places a significant emphasis on typography and a visual hierarchy consisting of text with varying properties. In software design, Microsoft described Metro as a “refresh”...

Web Design Workshop #19: A.M Motors

Web Design Workshop #19: A.M Motors : Web Design Workshop is our regular community project where we ask readers to submit their work for your friendly, constructive criticism. It’s the perfect way to learn, offer opinions and have your own work critiqued! This week, something for the motorheads amongst you.. Rules of Engagement Play nice! We deliberately select work which will benefit from advice and pointers. If you can’t be constructive in your comments, don’t. Other than that, offer any advice you can give. Feel free to link to examples and images which back up your points. The Design We designed this to showcase all the cars manufactured by Maruti Suzuki in India. This is a dealer website. We are trying to make all the info available when a person needs to buy a car. – Jaijin Poulose Project: A.M Motors Designer: Jaijin Poulose Looking for constructive criticism on your own work? Submit it for a workshop – most but not all submissions are published. Be patient though, t...

"Stand Your Ground" - A Case for GRC

"Stand Your Ground" - A Case for GRC : If you've not had the opportunity to read the recent Dan Geer / Jerry Archer IEEE S&P Cleartext column titled "Stand Your Ground," then please go read it now. It's only a single page, two-column article and it won't take you long. It is, hands-down, one of the best summaries of contemporary, leading-edge thinking on the state of infosec that I've seen. Finished? Cool... let's continue... Allow me to take an outlandish step and try to summarize this excellent, concise work in three bullets. I'll then try to elaborate a bit on each of these points to put things into a practicable use case. In short, the article points out the key business imperative: survival. In order for a business to succeed and have value, it has to survive over time, enduring ups and downs, and especially being able to handle various IT-related incidents. In order to achieve this objective, Geer and Archer roughly cover thr...

Why XSS is serious business (and why Tesco needs to pay attention)

Why XSS is serious business (and why Tesco needs to pay attention) : It was three weeks ago now that I wrote about Lessons in website security anti-patterns by Tesco where I pointed out a whole raft of basic, flawed practices which jeopardised the security and privacy of shoppers. These practices in and of themselves were (are) bad, but what really seemed to fire up a lot of people was Tesco’s response when I first flagged it with them: 1,883 retweets later, numerous media articles and a chorus of software and security professionals decrying Tesco’s approach to security (and customer service, for that matter) including one of the industry’s most preeminent security brains referring to their password security as “lousy”, and nothing has changed. One of the things that hasn’t changed is their continued assertion that there’s nothing to see here – no security problems, move along now. This was just last week and well after the “robust” theory had been well and truly rejected by a...

Using FTP and FileZilla

Quick Guide This guide gives you a short overview on how to use FileZilla client. By default you don't have to configure FileZilla, so you can start directly working with the program. Download Filezilla from here  http://filezilla-project.org/download.php Connecting to an FTP server Using the Quick Connect bar To connect to an FTP server, enter the address of the server into the host field of the Quickconnect bar (e.g. example.com - see image below). If it is a special server type like an SFTP server, add the protocol in front of the address. In case of an SFTP server, start the address with 'sftp://' (e.g. sftp://example.com). Enter the port of the server into the port field if it is  not  the default port (21 for FTP, 22 for SFTP). If a username / password is required, enter it in the corresponding fields, otherwise the default  anonymous  logon will be used. Click on Quickconnect or press Enter to connect to ...

Configuring URL Parameters in Webmaster Tools

Configuring URL Parameters in Webmaster Tools : Webmaster Level: Intermediate to Advanced We recently filmed a video (with slides available) to provide more information about the URL Parameters feature in Webmaster Tools. The URL Parameters feature is designed for webmasters who want to help Google crawl their site more efficiently, and who manage a site with -- you guessed it -- URL parameters! To be eligible for this feature, the URL parameters must be configured in key/value pairs like item=swedish-fish or category=gummy-candy in the URL http://www.example.com/product.php?item=swedish-fish&category=gummy-candy. Guidance for common cases when configuring URL Parameters. Music in the background masks the ongoing pounding of my neighbor’s construction! URL Parameter settings are powerful. By telling us how your parameters behave and the recommended action for Googlebot, you can improve your site’s crawl efficiency. On the other hand, if configured incorrectly, you...

W3C Hammers Out the Details of CSS Variables

W3C Hammers Out the Details of CSS Variables : The mythical Jackalope variable surrounded by CSS bunnies. Image: Wikimedia The W3C’s CSS Working Group, the standards body that oversees the CSS specification, is getting closer to defining one of CSS’s most requested features — CSS Variables. However, if you’ve been dreaming of SASS or LESS style power without the preprocessor, the new CSS Variables draft might leave you scratching your head. Variables used to be one of the most requested features for CSS, particularly from programmers accustomed to languages with variables. But, between then and now, CSS preprocessors like SASS and LESS have largely filled the role by offering variables (and more). Still, SASS and LESS are not CSS. By the same token, what’s being proposed under the name CSS Variables is not what most developers would think of as a variable. Daniel Glazman, co-chair of the W3C CSS Working Group, calls the new variables “Inherited User-Defined Properties.” ...

Link to Look Before You Lock

FOR IMMEDIATE RELEASE: VL Digital Marketing | VL Automotive Marketing info@vlautomotivemarketing.com http://vlautomarketing.com Look Before You Lock Raleigh, NC Aug 20, 2012 Vl Automotive Marketing will be including links and images to the national “Look Before You Lock” campaign in their national automotive blogging network, which provide research information for new and used car buyers. The Department of Transportation and the Department of Health and Human Services are now teaming up to educate people about the threat. They're joining a campaign called "Where's Baby: Look Before You Lock." The 'Look Before You Lock' campaign reminds parents to double-check their vehicles, before they walk away. The government launched a crackdown Friday morning on children being left inside hot cars. This follows the heat-related deaths of at least eight children nationwide in just the first week of August. “ We will be providing an image and link to th...

Google Finally Rolls Out Vanity URLs for Google+

Google Finally Rolls Out Vanity URLs for Google+ : Recently Google started offering vanity URLs for Google Plus. The announcement stated that the vanity URLs will start being rolled out with a few verified users but it will soon become available for all users. Finally this is what many of us have been waiting for with Google+ no more massive strings of numbers in your URL now you can just have a simple short URL like plus.google.com/yourname and this will make Google Plus Marketing much more convenient now. Besides letting you get rid of the number string and add your personal username Google is also dropping the ‘plus’ from the URL to make it even shorter. For example we would be able to change our Google+ URL to google.com/+wikimotive or Wired could use google.com/+wired. This should make it much easier for brands to optimize their Google+ and do better branding, not to mention you can actually write out your profile URL now and it will be recognizable and easy to remember. Some...

Tips to Optimize Your Dealership’s Google+ Page

Tips to Optimize Your Dealership’s Google+ Page : So you've created your dealership's Google+ Brand Page in preparation for the move from Google Places to Google Plus Local...but now what?  Here are some tips for optimizing your dealership's Google+ page: Keep SEO in Mind: When putting information into the "About Us" tab, use relevant keywords. Also use these terms when adding content to your page to help search engines (especially Google) understand what your page is about.  Use "Recommended Links" to send traffic to your dealership's blog and other social media profiles. Have Content Ready: Google recommends having 10-20 posts on your Google+ business page before you really start promoting it.  Recent posts is one of the things they use to judge the quality of your page, so having it full of content once people start visiting it will help. Promote Your Page: Add a Google+ button everywhere you promote your other social media accounts....

OWASP Xelenium: Security Unit Tests

OWASP Xelenium: Security Unit Tests : (from V.Vasanth) Hello OWASP Friends, Warm Greetings!! Today, I would like to introduce you all to my humble effort called ‘OWASP Xelenium’, which helps the user in identifying the security testing threats present in the web applications. Xelenium is an automated security testing tool that uses Selenium, leading open source test automation tool, as its engine. Xelenium accepts very limited inputs from user and tests the application using the predefined automation procedure. Current version of Xelenium identifies the Cross Site Scripting threats present in the web application. In subsequent versions, Xelenium will be enhanced to identify other leading security threats. First version of Xelenium was published on June 22nd, 2012, and second version was published on 6th August, 2012. Till now, around 4000 downloads have happened. You can find more info here: https://www.owasp.org/index.php/OWASP_Xelenium_Project In the next version, I...

Effective SEO tactics

Through effective SEO tactics, you can improve your search engine rankings for important terms, gain more traffic and do more business. Search engine optimization techniques focus on increasing the organic, or natural, traffic that you receive based on your ranking within the search engines. While each search engine uses its own algorithm for determining the ranking of every page that is indexed, it is possible to increase your rankings by making your site informative and visible via both on-page and off-page techniques. Sites that are designed with ease-of-use and quality information in mind tend to do better than those built sloppily and without a solid plan. It really doesn't matter what type of website you have, whether it's personal or geared towards your business. Incorporating search engine optimization techniques into the creation and ongoing upkeep of your site will ensure you receive higher levels of traffic and, ultimately, greater success. Kill the Myth: Th...

Winning the Video Thumbnail in Google Universal Search

Winning the Video Thumbnail in Google Universal Search : Posted by mybinding1 Have you noticed that more and more video results are showing up in Google search results? Everywhere I turn, it seems that Google is providing me with options of videos to watch on the first page of their search results. As a user, I appreciate the video content and will often click on the video results. As a marketer, I am incredibly jealous of those placements and am constantly searching for ways to capture that traffic for my site. This post highlights the five most important factors I've found that play the largest role in when and where a thumbnail is awarded. 1. Index Status This may seem like a no-brainer, but if your videos are not included in the video index, then you will not be eligible for the video thumbnail. That makes getting the video content on your site indexed your first priority. If you want to check to see if your videos are included in the index, simply do a site search for yo...