How Secure Is Your iPhone?

The Wall Street Journal has written an article that will challenge your beliefs about the security of your digital life. It reports on how a basic iPhone feature can allow criminals to steal your entire digital life. This basic feature is your passcode, and the technique...
Your Website Might have an Unknown OCSP Dependency

A few weeks ago, a friend who looks after a web server had an outage on their website and asked me to help troubleshoot. The cause of the outage surprised me and is the reason why I’m writing about it. The website outage was due to a dependency it had on the server of...

My Thoughts on FAIR

I recently completed the FAIR analysis fundamentals course and here are my thoughts on it. FAIR stands for Factor Analysis of Information Risk, and is the only international standard quantitative model for information security and...
Rapid Risk Assessments

That was the main takeaway for me from today’s talks by SANS instructor Eric Johnson. He was in the country running a workshop and a talk at the AISA conference in Melbourne, and SANS asked me whether I was interested in having him give a private talk to the team. I was...
Gamified Learning – Application Security

Today we had a combined application security event with another tech company. It was the first time we ran the combined event and it involved security champions from both companies. We had planned on spending the morning reviewing 4 security concepts: XSS, CSRF, RCE...
Trust your CDN but verify with SRI

I attended a Sydney SecTalks meetup last night which talked about the dangers of Content Delivery Networks (CDNs) being compromised. Lots of websites source their JavaScript and CSS resources from CDNs to improve their website’s performance. Examples of CDNs are...