Get short, timely messages from Michael Coates.

Twitter is a rich source of instantly updated information. It's easy to stay updated on an incredibly wide variety of topics. Join today and follow @_mwc.

Get updates via SMS by texting follow _mwc to 40404 in the United States
Codes for other countries

Country	Code	For customers of
Two-way (sending and receiving) short codes:
Australia	0198089488 Telstra
Canada	21212 (any)
United Kingdom	86444 Vodafone, Orange, 3, O2
Indonesia	89887 AXIS, 3, Telkomsel
Ireland	51210 O2
India	53000 Bharti Airtel, Videocon
Jordan	90903 Zain
New Zealand	8987 Vodafone, Telecom NZ
United States	40404 (any)

_mwc

Http Strict Transport Security - an enhancement you should definitely use on your website - bit.ly/LoUKM8 #security #appsec 5:40 PM May 25th via TweetDeck
@a0viedo Link to more reading? I'd be interested to see comparison of dictionary attack against pass phrase vs password. 10:27 AM May 24th via TweetDeck in reply to a0viedo
Why are people advocating password complexity instead of password phrases. Phrases are easier for users, more entropy #passwords 9:40 AM May 24th via TweetDeck
Check Your Firefox Plug-Ins in 5 Minutes - bit.ly/JVeo7M #security #firefox 9:23 AM May 24th via TweetDeck
stshank Real browser choice: an artifact of the PC era? cnet.co/KyyoGR 7:52 AM May 23rd via TweetDeck Retweeted by _mwc and 4 others
johnolilly Um what? Great move...in 2008. RT @Rafe: Here comes Yahoo's own Web browser, Axis. cnet.co/JJ92f9 4:51 PM May 23rd via Tweetbot for iOS from Queens, NY Retweeted by _mwc and 13 others
#mozcamp latam security folk - if you want more security knowledge OWASP is holding the #LatamTour2012 on May 26 bit.ly/K9mDtB 5:43 PM May 21st via TweetDeck
#mozcamp slides online for Mozilla Security Talk with latam community slidesha.re/J9eT87 3:19 PM May 21st via TweetDeck
rjmackay Fixing security issues is doing my head in.. join OWASP's May security blitz while there's still May left owasp.org/index.php/OWAS… 6:11 PM May 20th via web Retweeted by _mwc and 2 others
@sandeepsabnani @owasp Welcome! Glad to have you helping out. Feel free to ping me with any questions. 10:09 AM May 17th via TweetDeck in reply to sandeepsabnani
@rjmackay @ushahidi I'd recommend using either Mozilla's CSRF for django bit.ly/JiXFKM or OWASP CSRF guard bit.ly/JiXD5D 10:08 AM May 17th via TweetDeck in reply to rjmackay
@rjmackay @ushahidi Generally yes, but if there are header forging vulns this solution no longer works (like this one - bit.ly/JiXteh 10:08 AM May 17th via TweetDeck in reply to rjmackay
@hillbrad Agreed. Pentest should push changes in lifecycle for early detection & good pentests may find new types of issues in new techs 10:05 AM May 17th via TweetDeck in reply to hillbrad
@hillbrad Goal is to catch security vulns/weaknesses earlier, well before pen test - anything found in pentest is chance to refine S SDLC 9:45 AM May 17th via TweetDeck in reply to hillbrad
@hillbrad Yes, pen test is part of the secure sdlc, but imo it's purpose is a last effort to find breakdowns in the process. 9:44 AM May 17th via TweetDeck in reply to hillbrad
OWASP on linkedin - Show your support on the general group linkd.in/JI8rs1 or network with other members here linkd.in/JI8u73 2:51 PM May 16th via TweetDeck
Finding a flaw in a penetration test means you also have a flaw in your secure development lifecycle #rootcause #security 1:28 PM May 16th via TweetDeck
Did you know: When you clear all your firefox cookies you also clear flash cookies (been that way for a year) bit.ly/KZhbYj #privacy 4:04 PM May 15th via TweetDeck
@kenneth_aa @psiinon But, to answer your question - here's the list of Mozilla Security ppl on twitter - mzl.la/IRTbGZ 11:30 AM May 14th via TweetDeck in reply to kenneth_aa
@kenneth_aa @psiinon I'm hoping you typo'ed that question? "Sec" team, right? 11:29 AM May 14th via TweetDeck in reply to kenneth_aa