Anytime we discuss security, it's mainly to talk about the failures. So I'm taking time out today to spread some positivity to all those security folks that have made it through the week without an incident occurring.  

via IFTTT After its 2015 breach, the Information Commissions Office (ICO) has released a very thorough report which highlights a number of deficiencies in Carphone Warehouse's security. I've summed up some of the key points in dramatic fashion The report well worth a read: http://ift.tt/2AM6B7B

It dawned on me, that I've never written a browser extension before. And there are words IT Security articles continually overuse that I wish they wouldn't. So, I combined both these together and wrote a chrome extension that would change commonly misused words to something a little more interesting. Examples: - IoT becomes 'cheap connected … Continue reading Uncybered →

I recently had my 17 anniversary... which is almost as long as I've been working in information security. Information security is great for communication, and communication is great for all relationships and friendships.

The cool researchers over at freedom to tinker found two scripts that exploit browsers built in login managers to retrieve and exfiltrate ID’s. Below is the email I sent, and the reply from OnAudience     The script that OnAudience uses can be found here if you have time, check out this tweet thread between … Continue reading Exploiting browser password logins →

If everyone and their dog is talking about Meltdown and Spectre, then it would be negligent of me to not keep up with all the cool kids. Website for the vulnerabilities: Meltdown Attack Google Project Zero blog NCSC's advice Linus Torvalds statement

Work for long enough in one industry for any period of time and you end up speaking an entirely language altogether. This isn’t necessarily a bad thing, in many cases it’s convenient and allows rapid communication amongst peers. However, in Information security we need to be mindful when communicating with non security, or even non … Continue reading Security Terminology →

I thought I'd kick off the new year by poking around the news stories, surely not much could have happened. But quite a lot did unfortunately. In the video are the top 3 stories or headlines that caught my attention, but more importantly, I think we should make a pact to stop using these buzzwords … Continue reading Welcome to 2018 →

Honoured to be the guest editor for Infosecurity Magazine yesterday. It was a day of fun which involved several things: 1. The announcement was made, which included this video 2. I took over their twitter account for an hour (brave of them) 3. I submitted a guest editorial 4. Had a Q&A with the real … Continue reading Infosecurity magazine Look back over the year →