"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. - Gene Spafford"
Welcome

Russ McRee's HolisticInfoSec.org is dedicated to sharing information security content and resources in an open, clear manner, with the hope of helping improve infosec for all who seek to do so. Information security is best broken down to its simplest components: best practices and common sense. The threat landscape facing an information security practitioner is perpetually dynamic; we must adapt and evolve as those threats do. HolisticInfoSec.org endeavors to aid in that process through dynamic content and timely topics in the ISSA Journal's toolsmith column. As we well know, those who would do harm never rest: protect your own.

Practice simplicity
Seek to be proactive, rather than reactive
Think creatively, but adhere to standards
Employ best practices

Safe Keeping: Article on TrueCrypt in Information Security

TrueCrypt

Russ' article, Safe Keeping, regarding TrueCrypt, is now available in Information Security magazine.
TrueCrypt is an open source laptop encryption alternative for your organization.
This article also includes a sidebar on Adeona, an open source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

Adeona

I humbly suggest that you consider using both should you lack commercial solutions.
Cheers.

Information Security November 2008

(IN)SECURE article on open redirection vulns

Open redirect vulnerabilities: definition and prevention

Issue 17 of (IN)SECURE magazine includes Russ's article Open redirect vulnerabilities: definition and prevention on page 43. (IN)SECURE, if you haven't already discovered it, is an excellent publication and is freely available online.

Anatomy of an XSS Attack lead article in June's ISSA Journal

Anatomy of an XSS Attack

June's ISSA Journal features Russ's article, Anatomy of an XSS Attack, as its title piece. This is a unique effort written in the first person, as a cybercriminal, to exemplify the grave harm that can come to users and consumers when cross-site scripting (XSS) vulnerabilities are left unmitigated. With kind permission from the ISSA Journal, holisticinfosec.org is able to bring non-members the PDF copy of Anatomy of an XSS Attack. Please consider joining the ISSA today.

Hacker Safe/McAfee Secure? Not so much.

While conducting Internet research, Russ found himself quickly immersed in a long-standing debate over the merits (or lack thereof) of McAfee's Hacker Safe seal. See all the blog entries and each video of Hacker Safe branded sites showing all the hallmarks of XSS vulnerabilities. The most recent press coverage of the issue is found at The Register. The original Information Week article that broke this discovery is here, as well as some additional insight from XSSed and WhiteHat Security's Jeremiah Grossman.

Update:
Further press on the issue, including the McAfee site itself being vulnerable, and much chuckling over the rebranding from Hacker Safe to McAfee Secure. There's also a great little piece from John Sawyer on Dark Reading. Finally, Dan Goodin at The Register also took Hacker Safe/McAfee's Brett Oliphant to task regarding the fraud charges he faces.
