Stop hackers with these 6 simple steps! (Number 3 will shock you).

Hackers are everywhere, but they’re not content with just hacking into banks and stealing the money. They are after you too. Once they get access to your Facebook or email account, they can read all your private messages, send out rude messages that claim to be from you, and generally ruin your life.

Often they will break into an account because the same password has been reused on different sites.

To help prevent hackers and have a happy ending, follow these awesomely cool and amazing tips that will blow your mind!

1. Don’t reuse passwords!

Perhaps the biggest contributor is the fact that many people will reuse passwords on multiple sites. Each site and service should have its own unique password.

2. Don’t reuse passwords

Like seriously, don’t do it.

3. Subscribe to

Be notified if any of your email accounts end up in a breach dump.

4. Enable two-factor authentication

So that even if someone guesses your password, they can’t get in without your fob.

5. Enable two-step verification

Accept that a lot of sites don’t provide or support two-factor authentication, so settle for the less attractive two-step verification.

6. Accept your fate

You discover that not only can you not enable two-step verification, but the website prohibits long passwords and special characters.

Remember I said there would be a happy ending?

Alien Eye in the Sky

Covering the infosec news from the week, so you don’t have to!

Links to stories in the video

1. The beginning of the end(point): where we are now and where we’ll be in five years
2. The strange way people perceive privacy online
3. Tesla responds to Chinese hack with a major security upgrade
4. Good cybersecurity can be good marketing
5. Cyber: Ignore the penetration testers

Other stories of interest

When automated bots were primed to sell the UK Pound

The ethics and morality behind APT reports

Scott Helme went wardriving.

Internet of things botnets – SSH just got real!

Lloyds combats call center fraudsters with new tech

F-Secure pens an open letter to businesses that block VPNs on their free WiFi

Sarah Clarke gives a perspective on GDPR, a personal and professional journey.

Akamai finds longtime security flaw in 2m devices.

Things I hearted last week (and the week before)

It’s been an interesting few weeks, which is why I haven’t posted my usual updates. I was out in Vegas for Blackhat and BsidesLV, both of which were great as always. I also had a chance to pop off to visit the Grand Canyon with my partner-in-crime Adrian Sanabria. Video coming soon, but this vine will give an idea of how far we got into the wilderness.

Blackhat was also a blast. AlienVault had a brand new booth design and the interactions were as engaging as always.


Now onto the business end of things.

Do whistleblowers ever win? Researcher who exposed VW gains little.

Remaining on the topic of cars: Auto group pushes best practices for vehicle security.

Mozilla to block Flash in Firefox browser – about time.

Bypassing Win10 UAC by using disk cleanup.

A tutorial on configuring NPS 2012 for two-factor authentication.

New attack bypasses HTTPS protection on Macs, Windows, and Linux.

TrustedSec released version 7.3 of the Social Engineer Toolkit (SET).

People care about privacy, so why won’t they pay for it?

Looking at the malicious side of bad UI. Dark Patterns are designed to trick you (and they’re all over the Web)

Microsoft REST API Guidelines – a good set of principles.

Do you like using a VPN? Well, if you plan on using it in the UAE, you could end up with jail time and a $545,000 fine.

Am I saying that EMET was written to stop Metasploit sourced shellcode? Yup. Pretty much.

Not directly security related, but I found it interesting to read how Starbucks has more money on customer cards than many banks have on deposit. Probably a lot easier to rob than banks too… just saying.

Something that reads like the bug equivalent to national novel writing month. Good writeup on high frequency security bug hunting with 120 bugs in 120 days.

Post-conference season we always get a rash of opinion posts about why conferences are broken or bad. Here’s Alex Stamos’s take: Addressing security blindspots through culture.

Teen hacker flies to Black Hat on his one million free airmiles.


CRASS – Vulnerability Disclosure

After a very slow 2014, Cynical Rants About Security Stuff – or CRASS for short (unfortunate and unintentional) – is my attempt at being more regular in publishing content. The idea is that once a week I’ll ramble for a couple of minutes on any given topic.

This week I rant about the vulnerability disclosure process and how Google and Microsoft arguing publicly doesn’t really help anyone. There are some football (soccer) references that I’m sure all my US-based friends will totally understand.

I won’t write up all my thoughts on the topic as I’ll be covering ground that many have already written about. If you’re interested in finding out more, or exploring other opinions on the subject, then I recommend checking out the following:

Rob Graham: A call for Better Vulnerability Response

Space Rogue: In the beginning there was full disclosure

and Steve Ragan: Microsoft blasts Google for vulnerability disclosure policy


A friend with photoshop is all you need

Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you.

Then he posted this picture on twitter in a cowboy hat.

[Image: ridiculous cowboy hat]

As they say, a little photoshop is a dangerous thing – and the temptation was too great to not take advantage of the opportunity.

[Image: brokeback]

Which led to the birth of Jimmy Sozé

[Image: usual suspects]

This got Jimmy a bit worked up, so I challenged him to a duel.

[Image: duel]

He said he’d kill me – to which I said that’s a crime punishable by hanging till he’s dead, dead, dead!

[Image: hang em high]

The subsequent barrage of messages proved that Jimmy was indeed unchained.

The greatest story ever told

It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and shout to make a Christmas video.

This year, however, we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.

The Greatest Story Ever Told from Twist and Shout on Vimeo.

To see where the Christmas tradition started, check out Santa gets hacked and its sequel below.

Santa Gets Hacked! from Twist and Shout on Vimeo.

Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.

Keyboard Gladiator

On my command (line) – Unleash Hell

Keyboard warriors are so last year… now keyboard gladiators – that’s something I could get behind!