We need to take two things much more seriously: the security of our supply-chain, and the security of our baseboard management controllers.
Having 50 million accounts breached is bad enough, but the bigger issue is that a huge number of third-party services use Facebook to authenticate their users.
In a modern DevOps environment, development teams manage the security of their own systems. In an environment where deployments happen several times a day, this model scales far better than the historical practice of security acting as a gatekeeper to production.
Everything we do in the security industry is a trade-off between convenience and security. The important thing is to be honest about the compromises you are making, and why they are necessary.
In my last email I mentioned Alex Stamos' Twitter takedown of the 'Digi-ID' authentication solution. Buried in the exchange was a mention by Stamos of the Web Authentication standard, which is something you'll be hearing a lot more about in coming months.
This is a very simple trick for catching shells locally on a device which doesn’t have a public IP, such as a laptop sitting behind a NATted Wi-Fi network.
This is a transcript of a speech made on 28 October 2014 to Heathfield High School, my alma mater. Heathfield is located in the Adelaide Hills, South Australia.