One of the less fun aspects of moving countries is that you're a walking edge-case for many IT systems. Being an expat also means becoming intimately familiar with all of the differences in how government services verify the identity of their users.
We need to take two things much more seriously: the security of our supply-chain, and the security of our baseboard management controllers.
Having 50 million accounts breached is bad enough, but the bigger issue is that a huge number of third-party services use Facebook to authenticate their users.
In a modern DevOps environment, development teams manage the security of their own systems. In an environment where deployments happen several times a day, this model scales far better than the historical practice of security acting as a gatekeeper to production.
Everything we do in the security industry is a trade-off between convenience and security. The important thing is to be honest about the compromises you are making, and why they are necessary.
In my last email I mentioned Alex Stamos' Twitter takedown of the 'Digi-ID' authentication solution. Buried in the exchange was a mention by Stamos of the Web Authentication standard, which is something you'll be hearing a lot more about in coming months.
This is a very simple trick for catching shells locally on a device which doesn’t have a public IP, such as a laptop sitting behind a NATted Wi-Fi network.
This is a transcript of a speech made on 28 October 2014 to Heathfield High School, my alma mater. Heathfield is located in the Adelaide Hills, South Australia.