Khürt Williams

Khürt Williams
One has to wonder what methodology Apple's development team uses for security code review.
Khürt Williams
I'm considering giving Harrys.com a try.
The Gillette-Schick duopoly better watch out for Dollar Shave Club and Harry’s, which promise more convenience and less cost to do what men hate most in the morning.
Khürt Williams
The public-beta program has existed for some time but was invitation only.
Previous betas were available only to developers and other limited audiences.
Khürt Williams
This happened just two blocks from where I work. I saw the helicopters overhead and I saw 5 cop cars with a suspect in custody on the road. I need a new work location.
No place is sacred anymore
Oldboot.B: the hiding tricks used by bootkit on Android

brief:

About one month ago, we (Claud Xiao and I) found the first bootkit Trojan on the Android platform worldwide — Oldboot.A.

Recently, we have seized a new variant of the Oldboot family — Oldboot.B. It can delete its file in the file system to hide itself, inject malicious modules into critical system processes, prevent apps from being uninstalled, and uninstall/disable mobile anti-virus software. Most ELF binaries of Oldboot.B have their executable code and strings encrypted.
P&G spending its multi-billion-dollar R&D budget on gimmicks is the Fortune 500 equivalent of Peter Thiel's "we wanted flying cars, instead we got 140 characters." And it's the same market-driven myopia that explains why Silicon Valley is full of copycat start-ups chasing the same dumb concepts (Uber for laundry!) instead of churning out real, creative products.
We don't need pivot-ball razors. We need moonshots.
A team of developers has forked the OpenSSL code base to create LibreSSL.

#Heartbleed #OpenSSL
OpenBSD developers "removed half of the OpenSSL source tree in a week."
I'm working to help a client define proper separation of duties for various IT functions -- network, server, database, development, directories, identity management. Currently Windows Servers, AD, Exchange, and account provisioning are all under the same manager, and at least one person had domain admin and access to everything. Similar situation for *NIX server and firewall admins (they are one and the same).

I'm interested in online resources that I can use to help me guide them.
Smart guy. A system developer probably should not have domain level access. Additionally, although finding ways to guarantee job security is great in our field, there is no reason that a consultant of 13 years is irreplaceable because he is the only one who understands how something works.

Some suggestions:
1. Hire someone for him to train, thus establishing a check against wrongdoing.
2. Remove domain administrator rights. He is a coder, not a network administrator.
3. Consider adopting updated IMS technology, which does not require a single point of failure that cannot be audited.

I could be wrong about this, but hopefully someone will chime in if that is the case.
Khürt Williams
Given the recent interest in the Android Manifest (as well as related parsing utilities) as an attack surface, I whipped together a fuzzing tool in the hope of uncovering new issues :) Anyway, thought some of you guys might find it useful --> https://gist.github.com/k3170makan/10001255

ProTip: Try chopin' and changing the XML attributes that use the @string/app_name (android:label, android:name, android:description etc.) resource.
Work
Occupation
Cyber Security, Privacy & Risk Management Professional
Skills
security architecture and compliance, photography, PHP, Perl, jQuery
Story
Tagline
Trust but verify.
Introduction
Princeton, NJ area cyber security consultant, photographer and Apple geek. Lover of #coffee , #beer and #cheese. Person with Type 1 #diabetes.

I'm an OS X, Windows, and Linux/UNIX user.
Perl/PHP Developer and Learning Objective C and Python.
Princeton Cyber Security Consultant, Consultant, Apple, iPad, Cyber Security Consultant, New Jersey Cyber Security Consultant, Princeton Cyber Security, Princeton New Jersey Cyber Security, New Jersey Cyber Security, Cyber Security, Privacy & Risk Management
Basic Information
Gender
Male
Apple Fixes Serious SSL Issue in OSX and iOS | Threatpost | The first st...
threatpost.com

Apple Security Update 2014-002 fixes serious SSL vulnerabilities in OSX Mavericks and iOS 7.1.1.

Gillette’s Razor = Everything Wrong With America
nymag.com

We don't need pivot-ball razors. We need moonshots.

Rich Chinese hire American surrogate mothers for up to $120,000 a child
www.telegraph.co.uk

Wealthy Chinese are hiring American women to serve as surrogates for their children, creating a small but growing business in $120,000 "desi

Verizon DBIR 2014: Incident patterns show industry-specific threats
searchsecurity.techtarget.com

The Verizon DBIR 2014 relies on incident patterns to show that not every organization needs to worry about every threat, but instead about i

Heartbleed Highlights a Contradiction in the Web
www.nytimes.com

The bug that rattled the Internet last week exposed the paradox that some of the web’s most crucial coding depends on the efforts of volunte

Time to Crowdfund Open Source Security? | Application Security News, Res...
blog.veracode.com

Will crowd funding bug bounties for OpenSSL solve its security problems? Probably not. crowfund-openssl-bug-bounty. For years, security expe

Prominent Ed-Tech Players' Data-Privacy Policies Attract Scrutiny
www.edweek.org

A review of the data-privacy policies of Edmodo, Khan Academy, and Pearson—which have access to information about tens of millions of studen

American Funds advises password changes, cites 'Heartbleed' risk
finance.yahoo.com

American Funds, one of the largest U.S. mutual funds families, sent an email to 825,000 shareholders on Wednesday, advising them to change t

Think tank challenges Heartbleed handwringing
www.csoonline.com

Recent opinion piece has researchers debating seriousness of the OpenSSL flaw

Google Online Security Blog: Google Services Updated to Address OpenSSL ...
googleonlinesecurity.blogspot.com

Wednesday, April 9, 2014 9:58 AM. Posted by Matthew O'Connor, Product Manager You may have heard of “Heartbleed,” a flaw in OpenSSL that cou

Android 4.1.1 devices impacted by Heartbleed bug, reveals Google
www.androidos.in

Google has revealed that the devices running on Android 4.1.1 are impacted the Heartbleed bug, which has been the talk of the town for the l

Princeton Tax Day Penny Poll Postponed to April 16 | Planet Princeton
planetprinceton.com

The Princeton-based Coalition for Peace Action will conduct its annual “Penny Poll” on federal spending priorities the day after this year's

Forget creepers: 'Heartbleed' security flaw is the greatest threat to mi...
venturebeat.com

The millions of people who play Minecraft should change their passwords as soon as possible. Minecraft developer Mojang's web servers were a

Heartbleed bug affects gadgets everywhere
money.cnn.com

The Heartbleed Internet bug affects a lot of the gear we all use at work. Fixing it all will be a herculean task.

To the person who complained about not knowing about where to pick the Apples before parking. You should have read the web site information. It clearly specifies where to pick; And there is no entry fee to pick your apples at Van-Kirk. The entrance fee at the other site is to cover the cost of the rides and the band. As for the complaint about bees. Really? It's a FARM!!!!
Public - 2 months ago
I think this is now called "Maria's Hair Salon".
Public - 2 months ago
We walked leisurely along the paved pathways as Sarah taught about the native trees that had been planted to restore the area. Some trees were native to New Jersey and others are native to the United States. The park has many bridges and benches where one can sit and enjoy the quiet of nature and catch a few rays of sunlight. I’m having a great time discovering the local nature trails in Montgomery. I look forward to the next Sunday in the Park event.
Public - 2 months ago
The baristas are meticulous about serving you the best cup of anything they offer. I've had the espresso, the cortado, the macchiato, the latte, the cappuccino and I have never been disappointed.
Public - 6 months ago
Best damn coffee shop in the entire 08540 zip code.
Public - 2 months ago
The office was closed for the day and I wanted to eat somewhere local. I'm just over a mile from Rocky Hill. I sat at the bar and ordered what AmericaTop10 called the "Best Burger in New Jersey". Of course I ordered a brew as well. Delicious. I had a chance to speak to the friendly chef/owner while I enjoyed my burger. The bartender was attentive and I had some lively conversation with another gentleman at the bar.
Public - 2 months ago
It's famous for the pizza not the decor. Most of the seating is booth seating but there are some large tables in the center of the restaurant. No fancy plates. I got the sense that this was a local attraction. We had to wait awhile for a table but it was a Saturday night so this was expected.
Food: Very good. Decor: Good. Service: Good.
Public - 10 months ago