About Dan Morrill

Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.

Outsourcing the Grunge Work

Interesting ideas are floating around today; the basic premise is that people are earning a lot of money to build and tear down ACLs, manage routers, switches, and firewalls, and handle other general day-to-day maintenance.

Ajax-Enabled App Exploitation Framework

Reading an interesting paper from Wisec Italy, who presented a paper on an exploitation framework for Ajax and Web 2.0.

Common Language Equates to Common Goals

Over at Dark Reading, Dr. Chris Pierson, an attorney with Lewis and Roca, discusses the impacts of not being able to communicate between business, security, IT, and others within the company.

Information Security – A People Problem

Interesting article out on outlaw about how information security is a people problem, which is something that we all probably really do know, even if we won’t really admit it all the time.

Should Google Offer Its Own Services as a Tip?

I have been watching the latest spat against Google for offering “tips” on services and products that they offer, when some web searches are input into Google.

Insider Threats

Organizations in many ways contribute to the actions of their employees.

What are Our Co-workers Doing on the Net?

8e6 has a report here that should provide all of us in security an amusing insight into what our co-workers are doing on the internet.

IT Security: The Actuarial Table

Earlier this week I talked about building out an actuarial table for defining risk in information security as something that would work in helping information security professionals be insured against the work that they do.

Malpractice in Information Security?

Interesting Q&A over at CSO Security Counsel today with Dan Greer trying to define what information security malpractice is, and the most interesting part is that today, we can’t define it.

Zen and the Art of Being a Small Business

Being a small business is tough; there is no way around that: long sleepless nights, long sleepless days, clients who act bizarre, clients who do not pay promptly yet you need them anyway.

Small Business: More Zen

This is part two of a two-part series, Zen and the art of small business.

Technology Worker Shortage, Everyone on Bandwagon

This week PricewaterhouseCoopers (PwC) released a report on the state of high tech hiring, and it is really truly a must read.

Why Getting Great “A” Talent is Hard

All companies really want to hire the best and brightest: the best ones that they can find who meet the criteria of the job, would seem to fit into the organization, and have the ability to actually do the job.

Computer Security Still Damaged by Social Engineering

Interesting article out of CIO magazine about Vista, and that while it is a highly secure operating system, with some neat things it can do, it still is not invulnerable to those programs that require social engineering to get the user to do something.

Oracle Responds To Information Security Critics

Oracle, the database company, is taking time out on its corporate blog to address a number of critics on the security of Oracle Databases.

Information Security Fundamentally Broken

In May of 2006 I read an article by Noam Eppel on Security Absurdity, Why information security is broken, which can be downloaded here to read the original article.

UK Computer Industry at a Crossroads

The BBC is running an interesting article on the number of qualified skilled people wanting to work in the computer industry, and the lack of said people who are coming through the college ranks.

Copybot and Second Life

For folks following the copyright and intellectual property implications in the gaming industry, Second Life is facing its first real crisis when it comes to the value of in-game goods, copyright, liability and just plain old copying.

Risk Management – Security Qualified Candidates

All companies have a risk tolerance; some companies have a higher tolerance for risk than other companies do. Many follow, few lead.

Collaborative Information Security Next?

Has anyone ever been on the phone with a client after the job, where the client wants more information, needs a copy of the report, or just wants to spend some time discussing the implications of the report that the company generated for them?

Risk Management – Unreasonable Project Schedules

All companies have a risk tolerance; some companies have a higher tolerance for risk than other companies do. Many follow, few lead.

AJAX Security

In the last 3 months there have been 11 million articles found by Google that have been written about Ajax security.

Reputation Defender

Here at IT Toolbox we have written a lot about the impacts of social networks, and the risks to privacy and later on employability. Previous articles are Myspace and Privacy. The good part is that now comes along one of the smartest startup ideas that I have seen, Reputation Defender. They are being featured in Wired magazine today here.

Closed Vs. Open Sourced Material

I have been thinking about a comment I got on Creative Commons and how it should be more clearly labeled in the longer run so that people know what they can do with media.