Victim-blaming by any other name still smells just as bad

One of my favourite bloggers Troy Hunt posed a question on Twitter yesterday asking whether a user should share responsibility for a weak password that they reuse across multiple services. There was a lot of great discussion and debate, and I found myself opposing Troy’s views. It was getting late in the night and despite … Continue reading Victim-blaming by any other name still smells just as bad →

The Queen Agrees

Around 2006 / 2007 I began blogging and tried to get into video blogging. Although I’d been working in information security for 7 years up to that point, I wasn’t well-connected in terms of what conferences ran, who the influencers were, or who the editors of any of the numerous security magazines or websites were. … Continue reading The Queen Agrees →

I think I’ve been hacked

A lot of individuals and companies of all sizes often use the phrase where they 'think' they've been hacked or breached, or had some form of unwanted event. There is usually a lack of conviction in this statement, and in hindsight it's not easy to validate. Sure, one could use a service like haveibeenpwned.com to … Continue reading I think I’ve been hacked →

Analyst Vendor Briefings

Fuelled by a twitter conversation both Adrian Sanabria and Anton Chuvakin posted articles here and here, sharing some good tips on what makes a good briefing and common pitfalls to avoid. As a former (recovering?) analyst, I thought it only right that I jump on the bandwagon and share my thoughts on the topic. What … Continue reading Analyst Vendor Briefings →

The attitudes of credential sharing

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !! — Nadine Dorries (@NadineDorries) December 2, 2017 This tweet by member … Continue reading The attitudes of credential sharing →

Undermining security and weakening Android

I have Amazon Prime, I quite like their shows, and whenever I have some time to kill I’ll watch an episode or 3. A couple of weeks ago, I thought it would be a good idea to install the official Amazon video app on my android device, so that I could download episodes and watch … Continue reading Undermining security and weakening Android →

Making Sense of WannaCry

Whenever a calamity befalls, it's only natural for people to try and rationalise and identify the problem. As is now happening with the WannaCry ransomware outbreak that affected the UK's NHS service, and other services in over 100 countries. People are discussing what should have been done to prevent it. On one hand, there’s a … Continue reading Making Sense of WannaCry →

When culture eats awareness for breakfast

European startup CLTRe founded by Kai Roer has spent the last couple of years examining the security awareness and user behaviour problem through the lens of security culture. Based on findings over the course of 2016, CLTRe has produced its first annual Security Culture report, co-written by Roer and Gregor Petric, Ph.D., an Associate Professor … Continue reading When culture eats awareness for breakfast →

The Growing Impact of Security Researchers

I've followed Scott Helme's work for a while now and have been impressed with his approach. So was interested to find out that he had teamed up with BBC Click and Prof Alan Woodward to comprehensively dismantle a vendors claim to total security. Scott has published the whole story on his blog and The BBC Click … Continue reading The Growing Impact of Security Researchers →

Understanding realities

In between all the politics and memes on twitter, you sometimes come across a genuinely interesting security conversation. My friend Quentyn Taylor, who happens to be a CISO posted this tweet that generated a lot of great commentary. and for those infosec people who just say "upgrade all your legacy"...well someday you too may work … Continue reading Understanding realities →