Skip to content

My Publications

This page lists various whitepapers and publications I have written on the topics of security and privacy. Over the next few weeks I will be uploading and enabling the hyperlinks, so check back.


Radio Frequency Identification, or RFID, is not a new technology. However, it is being used in new and different ways that have raised the concerns of security and privacy advocates. Many people today are not aware of the growing use of RFID technology around them.

This article is composed of two parts. Part 1 provides an introduction to RFID technology and stands alone as a general tutorial on RFID. Part 2 examines some of the more common security and privacy concerns associated with RFID, primarily related to retail and consumer applications.

Incident Response & Computer Forensics

  • F.I.R.E. – The Forensic and Incident Response Environment

The Forensic and Incident Response Environment, commonly referred to as FIRE, is a Linux based bootable CD distribution that includes a multitude of pre-installed, open source forensic, security assessment, and penetration testing tools. As these are not typically included in mainstream Linux distributions, much time and effort can be saved in downloading, compiling and installing the extensive suite of security tools found in FIRE.

This whitepaper provides an introduction to the security and forensic capabilities of FIRE, briefly reviews FIRE’s security suite of tools, and introduces several useful utilities necessary to create a bootable FIRE CD.

  • Introducing the Network Security Toolkit (NST)

In this whitepaper I introduce a similar open source security toolkit called the Network Security Toolkit, or NST. NST is an open source development project that integrates a suite of open source security tools with the Linux operating system. It is released under the GNU General Public License, and is available at no cost.

Auditing & Assessment

  • Security Auditing and Assessment: A Practical Guide

This whitepaper provides some pragmatic guidelines that IT staff can use to conduct a security audit or assessment. It does not promote a particular regulatory or industry security standard, such as COBiT , or ISO/IEC 17799:2005 , but rather reviews the “why” and “how” of performing an audit or assessment. Once you understand these constraints, you can insert the “what” into the methodology.

Spyware / Malware

  • Combating the Effects of Spyware on the Winsock API

Spyware has become an increasingly irritating problem for desktop computer users. Keeping a system devoid of spyware can be a constant battle. However, when spyware is removed incorrectly or indiscriminately, network functionality can be broken. This whitepaper reviews reasons why spyware removal in some cases breaks the Windows networking stack. It provides an introduction to the Windows Sockets (Winsock) application program interface (API), and its use of Layered Service Providers (LSP). It then examines how spyware manipulates Winsock to hijack and redirect network connections.

Web Authentication

  • Implementing Apache Web Server Authentication with .htaccess

.htaccess (Hypertext Access) is the default name for the Apache Web Server directory-level configuration file. It is sometimes referred to as a “distributed configuration file” because it can be implemented across multiple web directories to achieve different configuration results on a directory by directory basis.

This whitepaper focuses on implementing file and directory level access control on Apache Web Servers using the .htaccess configuration file for user authentication. Examples shown were tested using Apache 2.0, but should be applicable to versions 1.3 and 2.2 as well. The term “Apache” is loosely used to mean Apache web server.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: