Warning: this is a long post, if you don't want to read it all then watch this short recap video, otherwise read on. Even though it was summer, the sun had long set. It was late and getting chilly. My feet were numb and I was feeling the ill effects of 3 days of … Continue reading Memoirs of BSides London and Infosec Europe 2013
Author: j4vv4d
Dealing with an auditor
At last week's Infosec Europe, fellow blogger, friend and information security executive Jitender Arora was involved in a debate that asked whether the auditor was friend or foe to the security department. This was an interesting debate that, for many, can bring up mixed emotions and feelings. But it reminds me of … Continue reading Dealing with an auditor
Make your vote count
The prestigious European Security Blogger awards are upon us. For those unfamiliar with the European Security Blogger awards, it's an award ceremony for bloggers who specialise in security and reside in Europe - at least that's what I hope it means. I am fortunate enough to have made it into the finals in five of … Continue reading Make your vote count
Log management
Log management and SIEM are not really spoken about by those outside of security and understood even less. I guess one of the reasons is that unless there are a relatively large number of logs to go through (or there is actually an interest in doing so) most people will not really do much … Continue reading Log management
HTTPS is broken?
I recently saw that researchers had published their findings on security flaws in RC4 in TLS, which led to some articles being churned out with eye-catching headings such as “HTTPS is broken”. A decent write-up on the issue can be found on the Naked Security blog. But this got me thinking about the whole relationship security … Continue reading HTTPS is broken?
RSA 2013 and Bsides San Francisco
I can now tick RSA off the list of major conferences I have yet to attend. Near continuous back-to-back meetings, severe jet-lag, a gathering of a ton of great people, lots of walking and hardly any sleep made it one of the most demanding conferences I have attended as an analyst… but, … Continue reading RSA 2013 and Bsides San Francisco
SQL Injection
Persistent Threats (yes, I dropped the advanced) get a lot of airtime, but if there ever was a case for a persistent vulnerability (PV), you'd have to imagine SQL injection (SQLi) being the grandmother of them all. Ever since SQL databases have been used, input fields have been vulnerable to SQLi. If you were to … Continue reading SQL Injection
Resolutions and Predictions
We've passed the mid-way point of January, but we thought it would be a good idea to share some resolutions and predictions for the year. As you can tell, we didn't do a very good job of agreeing on anything. I've been warned by Girl Cynic not to be making any more predictions for … Continue reading Resolutions and Predictions
AV “Really” dead now says security expert
London - New research published by another security expert who coincidentally works for an anti anti-virus company (AAV) has declared anti-virus to be really dead. An AAV spokesman said, “We threw everything we could think of at the laptop. Chickenpox, foot and mouth, influenza, yellow fever, you name it and none of the products detected … Continue reading AV “Really” dead now says security expert
Cookies and European Laws
Ever visit a European website and wonder what that message means that generally pops up telling you they use cookies? Well all is about to be revealed.
