I recently saw that researchers had published their findings on security flaws in RC4 in TLS, which led to some articles being churned out with eye-catching headings such as “HTTPS is broken”. A decent write-up on the issue can be found on the Naked Security blog. But this got me thinking about the whole relationship security … Continue reading HTTPS is broken?
Category: Video
RSA 2013 and Bsides San Francisco
I can now tick RSA off the list of major conferences I have yet to attend. Near-continuous back-to-back meetings, severe jet-lag, a gathering of a ton of great people, lots of walking and hardly any sleep made it one of the most demanding conferences I have attended as an analyst… but, … Continue reading RSA 2013 and Bsides San Francisco
SQL Injection
Persistent Threats (yes, I dropped the advanced) get a lot of airtime, but if there ever was a case for a persistent vulnerability (PV), you'd have to imagine SQL injection (SQLi) being the grandmother of them all. Ever since SQL databases have been used, input fields have been vulnerable to SQLi. If you were to … Continue reading SQL Injection
Resolutions and Predictions
We've passed the mid-way point of January, but we thought it would be a good idea to share some resolutions and predictions for the year. As you can tell, we didn't do a very good job of agreeing on anything. I've been warned by Girl Cynic not to be making any more predictions for … Continue reading Resolutions and Predictions
Cookies and European Laws
Ever visit a European website and wonder what that message means that generally pops up telling you they use cookies? Well, all is about to be revealed.
A look back over 2012
This isn't a real video, it's one of those ones where we just take a look over all the videos we made over 2012 and make random comments. We had a great year making videos, hope you enjoyed watching them too. Leave a comment - what was your favourite video this year?
The most stupid thing on the internet
What is the most stupid thing from an infosec perspective on the internet? Surely nothing tops the recklessness of those kids who get their first debit or credit card, take a picture and post it on the internet. The problem is so widespread, there are several Twitter accounts set up specifically for the purpose of tracking … Continue reading The most stupid thing on the internet
Watching this video is a crime
This video was inspired by the blog post by @ErrataRob entitled "You are committing a crime right now" which was based upon the legal woes of Andrew Auernheimer aka Weev who recently got convicted for accessing stuff that AT&T just put out there on the internet.
Naming an infosec product
In this action-packed episode we talk about how best to name a new infosec product. Before we get to that though, we give a reverse shout out to @zyx2k as he kindly mentioned us in a talk he gave... so we mentioned him because he mentioned us and I guess now he's got to mention … Continue reading Naming an infosec product
BYOD (Bring your own device)
A lot of companies let employees bring their own devices, like mobiles, to connect to work and be more productive at less cost - but how do you manage the data on these devices that aren't owned by the business? What happens when someone loses the phone? As long as you can track it down, … Continue reading BYOD (Bring your own device)
