Blog Post

jm hearted

Things I hearted last week

For the week ending 26th June 2016

OSSEC 2.9 release.

An Australian healthcare system using MS-DOS 6.22 is being taken to court to force upgrade. 

Paypal dumped cloud company after it refused to monitor customer files.

Microsoft extends its support for Docker containers.

How celebrity twitter accounts are getting hacked.

Want to stop people filming at gigs? Here’s the phone prison. I expect a prison for wearables is next…

What’s in a Red team and why aren’t companies deploying them?

A paper which reverse engineers Netflix’s CDN and estimates traffic volume.

Is the security profession too arrogant?


muckerberg pro

Muckerberg Privacy Pro

Do you worry about your privacy? Concerned that hackers or governments may be watching you through your laptops webcam, or listening in through the microphone. Well worry no more and buy the patent pending Muckerberg Privacy Pro.

jm hearted

Things I hearted last week

For the week ending 19th June 2016

I asked attendees at Infosec if businesses were ready for GDPR

When cybersecurity research leads to jail, an article on research and disclosure challenges.

You’re probably aware that Microsoft acquired Linkedin. Ben Thompson at Stratechery (I am never sure how to pronounce that) wrote a good analysis  of the deal.

Michael Cote is an ex-colleague and one of my favourite analysts. He also added some good observations about the MS – LinkedIN deal in his newsletter in which he sums it up as, “Overall it’s weird – but it’s not dumb-weird”.

Steve Lord has been at it again – harming and corrupting IoT devices. This time in his post, Building the Internet of Wrongs. 

On conference talks, this post by Ian Amit has some great tips on how to frame and setup a talk.

So Your CISO Owns Your Cybersecurity Risks?

Really good insight around running a public bug bounty.

Deceptive Facebook ads (say it isn’t so)

An IT worker at the Panama Papers law firm has been arrested.

First Public Release of Keystone, the ultimate Assembler.

David J Bianco has a great resource for threat hunters.

Really nice analysis by Rob Fuller / Mubix : Linkedin NXDOMAINs – Purchased Pwnage

Things I hearted Last Week

For the week ending 12th June 2016

Last week Infosec drew the crowds to London. I wrote a short writeup on how we found it on the AlienVault Blog

William Hague was one of the keynotes at Infosec (btw, do conferences use ‘keynote’ synonymously with ‘talk’ these days? It seems like everything is a keynote.) In which he not so subtly hinted that it was not wise for technology firms to implement unbreakable encryption.

“Initial attempts by us to disclose privately to Mitsubishi were greeted with disinterest.” A writeup of the car hack by Pen Test Partners

As Government launches ‘Verify’ scheme, our digital identities are becoming more important than we realise

Cyber by any other name would smell as insecure. Dr. Jessica Barker gives a viewpoint on why we should embrace ‘cyber’ as a term.

Powershell Empire Stagers 1: Phishing with an Office Macro and Evading AVs

When cybersecurity research leads to jail time.

The Grugq asks an important question. why ransomware? Why Now?

A Thirsty Nation: Supply and demand of Information Security Professionals in the U.S.


jm hearted

Things I hearted last week

For the week ending 5th June 2016

My feeds were pretty much taken over with the sad news that  boxing legend Mohammad Ali has passed. So, a slightly lighter than usual weekly roundup.

What do you do when you’re Jerry Gamblin and messing around with Docker? Simple, you build KaliBrowser to run in a container with a full web gui.

Some good arguments on this PortSwigger post, like why lack of HTTPOnly is less of a concern.

An employee who moved firms and took client data with him has been fined £300. OK, it is not a bank-breaking amount, but it shows the ICO is willing to try and enforce it’s intent to prosecute more people as a way to raise awareness. Or something like that. Maybe the ICO should read this report which states half of ex-employees retain access to company networks.

Reducers are fuzzers.

Another day, another wordpress vulnerability.

Apparently running a ransomware ring can net you $90,000 a year. 

Woman spends 2.5 years in and Argentinian prison after falling for romance scam

Finally – This week is Infosec and BSides London. Host Unknown is proudly sponsoring BSides London in the most important way possible!