@TwitterSupport A Lesson In Incident Response Comms

If you are a user of the social media platform Twitter (it's where the cool kids moved to when their parents joined Facebook, and what the younger kids avoid in favour of Tik Tok). There was a bit of a breachy weachy that went on. There are plenty of stories that are speculating on the … Continue reading @TwitterSupport A Lesson In Incident Response Comms →

Human SQLi

Do you remember Tiger King? Feels like a long time ago now, and by 2020 standards, it feels like kind of the time when things were normal. So, I was quite surprised to see Carole Baskins trending on Twitter. I thought maybe she's got her own show coming out, or that she was found guilty … Continue reading Human SQLi →

Travelex up for sale

Currency service provider Travelex has put itself up for sale, the London-based company said on Wednesday, a month after parent Finablr warned that it was preparing for a potential insolvency. Travelex has been grappling with its own share of problems after the company became the target of a ransomware attack in late December that could … Continue reading Travelex up for sale →

Tech debt of remote working

The Shodan blog posted some trends in internet exposure, which like most of the Shodan research is very interesting. One part that caught my eye was this. The number of devices exposing RDP to the Internet has grown over the past month which makes sense given how many organizations are moving to remote work. It's … Continue reading Tech debt of remote working →

Lost All The Money

After a several year hiatus, many creative differences, multiple instances of rage-quitting, and several occasions of ghosting so good that Patrick Swayze would have been proud - the group I founded, Host Unknown, has released it's much-awaited third song. We've covered security certifications, and we've tackled risk management. But this time, we've locked on to … Continue reading Lost All The Money →

Writing Better Risk Statements

I found this post on my computer. I can't remember where it originally was posted (if it was at all), but I found it useful and thought I'd repost it again. Articulating risks in a clear and concise manner can greatly assist your company in making the right decisions. A typical example of poor communication … Continue reading Writing Better Risk Statements →

The RSA 2019 Shortlist

Last week, Thom Langford wrote a post on his RSA 2019 itinerary, which featured some of the sessions he'd shortlisted to visit. I found it to be a useful list, and thought I'd try compiling my list of vendors I'd put on my shortlist to find out more about. My employer AT&T Business - 5545 … Continue reading The RSA 2019 Shortlist →

The attitudes of credential sharing

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !! — Nadine Dorries (@NadineDorries) December 2, 2017 This tweet by member … Continue reading The attitudes of credential sharing →

Undermining security and weakening Android

I have Amazon Prime, I quite like their shows, and whenever I have some time to kill I’ll watch an episode or 3. A couple of weeks ago, I thought it would be a good idea to install the official Amazon video app on my android device, so that I could download episodes and watch … Continue reading Undermining security and weakening Android →

When culture eats awareness for breakfast

European startup CLTRe founded by Kai Roer has spent the last couple of years examining the security awareness and user behaviour problem through the lens of security culture. Based on findings over the course of 2016, CLTRe has produced its first annual Security Culture report, co-written by Roer and Gregor Petric, Ph.D., an Associate Professor … Continue reading When culture eats awareness for breakfast →