Vuln disclosure

CRASS – Vulnerability Disclosure

After a very slow 2014, Cynical Rants About Security Stuff – or CRASS for short (unfortunate and unintentional) is my attempt at being more regular in publishing content. The idea is that once a week I’ll ramble for a couple of minutes on any given topic.

This week I rant about the vulnerability disclosure process and how Google and Microsoft arguing publicly doesn’t really help anyone. There are some football (soccer) references that I’m sure all my US-based friends will totally understand.

I won’t write up all my thoughts on the topic as I’ll be covering ground that many have already written about. If you’re interested in finding out more, or exploring other opinions on the subject, then I recommend checking out the following:

Rob Graham: A call for Better Vulnerability Response

 Space Rogue: In the beginning there was full disclosure

and Steve Ragan: Microsoft blasts Google for vulnerability disclosure policy

jimmy hat

A friend with photoshop is all you need

Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you.

Then he posted this picture on twitter in a cowboy hat.

As they say, a little photoshop is a dangerous thing – and the temptation was too great to not take advantage of the opportunity.

1 brokeback

Which led to the birth of Jimmy Sozé

2 usual suspects

This got Jimmy a bit worked up, so I challenged him to a duel.

3 duel

He said he’d kill me – to which I said that’s a crime punishable by hanging till he’s dead, dead, dead!

4 hang em high

The subsequent barrage of messages proved that Jimmy was indeed unchained.

The greatest story ever told

It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and Shout to make a Christmas video.

This year, however, we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.

The Greatest Story Ever Told from Twist and Shout on Vimeo.


To see where the Christmas tradition started, check out Santa gets hacked and its sequel below.


Santa Gets Hacked! from Twist and Shout on Vimeo.



Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.

Keyboard Gladiator

On my command (line) – Unleash Hell



Keyboard warriors are so last year… now keyboard gladiators – that’s something I could get behind!



Seasons Greetings

We outsourced our greeting card this year to a professional marketing company. As part of the suggested monetization strategy, we can’t be giving away stuff for free anymore! Enjoy 🙂