cyber security The dangers of default credentials Default credentials are useful for logging in to systems initially, but shouldn't remain in place afterwards.
hacking my old blog Hacking my old blog: part 4, security fixes To finish off the series, I discuss some of the mechanisms that could have been used to protect my old blog.
cyber security Dealing with low hanging fruit Deal with the easy quick wins before you have an external testing team perform their audit.
cyber security My CISSP experience In early September 2020 I studied for the CISSP at an intensive six-day course.
cyber security "We have conducted a review to ensure this never happens again" If you're going to claim to have "conducted a review" you need to make sure your response is appropriate and useful.
cyber security Dealing with Ransomware - a real life tale Thinking clearly during a ransomware attack is key to saving your data.
cyber security Permissions vs authority A discussion of the differences between "having permissions" and "having authority".
eVitabu Why we chose OAuth for eVitabu User authentication is an important consideration when designing any system. Here's how we decided to use OAuth for eVitabu.
conference Towards a safe and secure smart world (conference) A summary of my key takeaways from January's conference.
cyber security Learning from cyber attacks Cyber attacks are a regular occurrence, and it's important that we learn from them.
cyber security Reusing paper - good for the environment, risky for privacy It's important to review the paper you re-use to avoid leaking confidential information.
cyber security Delegated trust vs Web of Trust The difference between the web of trust and delegating your trust to a third party.
cyber security Password cracking and how it can help your organisation Password cracking can be an invaluable tool when it comes to checking your organisation's password hygiene.
home automation Thoughts on home automation / smart homes - security (part 2) Considering privacy and security with the IoT and smart homes.
cyber security What is a Next Generation firewall? A look at Next Generation firewalls and the extra services they often provide.
cyber security Kent Cyber Security Forum 2019 A short write-up following the Kent Cyber Security Forum 2019.
ethics A question of ethics: disclosing security vulnerabilities When you've found a vulnerability, bug or data leak how do you report it? This post looks at the considerations for disclosure.
ethics A question of ethics: filtering and censoring the Internet What's the difference between filtering and censorship? This is a fine line and something I discuss following years of managing web and email filters.
ethics A question of ethics: illegal discoveries during a penetration test Sometimes evidence of crime can be found during penetration tests, so what do you do? I'll discuss the various dilemmas professionals face following some Twitter research.
ethics A question of ethics: investigating users Thoughts on being fair and considerate when investigating others.
ethics A question of ethics: deleting emails from user mailboxes A discussion about the ethics of deleting emails from someone else's mailbox.