British Airways breached

I got the dates wrong in the video, should have said 21st Aug to 5th Sept. But, this is me looking at the whole incident as a customer, not as a security professional. I received the email notification from British Airways informing me of the breach and the fact that customers payment and personal information … Continue reading British Airways breached →

Security in the cloud

This video was prompted by discussions with someone that was adamant that they would never, never, everrrrr put their logs in the cloud. I enquired as to why they weren't open to the option, and their response was that they don't believe that sensitive information like logs should be in the cloud. Now that's all … Continue reading Security in the cloud →

What is AlienVault

It’s coming up on my 3 year anniversary at AlienVault - and after a conversation with a friend, it dawned on me that I don’t think I’ve ever really explained what AlienVault does. So, when I was in Austin this last week I recruited some of my colleagues to help make this short video to … Continue reading What is AlienVault →

I think I’ve been hacked

A lot of individuals and companies of all sizes often use the phrase where they 'think' they've been hacked or breached, or had some form of unwanted event. There is usually a lack of conviction in this statement, and in hindsight it's not easy to validate. Sure, one could use a service like haveibeenpwned.com to … Continue reading I think I’ve been hacked →

19 ways to say “Good job” to your security colleagues

Anytime we discuss security, it's mainly to talk about the failures. So I'm taking time out today to spread some positivity to all those security folks that have made it through the week without an incident occurring.

Carphone Warehouse fined

via IFTTT After its 2015 breach, the Information Commissions Office (ICO) has released a very thorough report which highlights a number of deficiencies in Carphone Warehouse's security. I've summed up some of the key points in dramatic fashion The report well worth a read: http://ift.tt/2AM6B7B

Uncybered

It dawned on me, that I've never written a browser extension before. And there are words IT Security articles continually overuse that I wish they wouldn't. So, I combined both these together and wrote a chrome extension that would change commonly misused words to something a little more interesting. Examples: - IoT becomes 'cheap connected … Continue reading Uncybered →

M&A Mania

2018 has kicked off with a flurry of M&A activity in the infosec space. There have been four that I've been aware of, Barracuda acquired Phishline Cyxtera acquired Immunity Inc Verizon acquired Niddel Threatcare acquired Savage Security I wonder how many more deals will be announced between now and RSA. Either way, it looks like … Continue reading M&A Mania →

10 infosec conversation starters

I recently had my 17 anniversary... which is almost as long as I've been working in information security. Information security is great for communication, and communication is great for all relationships and friendships.

Exploiting browser password logins

The cool researchers over at freedom to tinker found two scripts that exploit browsers built in login managers to retrieve and exfiltrate ID’s. Below is the email I sent, and the reply from OnAudience The script that OnAudience uses can be found here if you have time, check out this tweet thread between … Continue reading Exploiting browser password logins →