Accepted the Risk

One could argue that life is all a series of risks. Sometimes we remain in a state of ignorant bliss. Other times, we are aware of risks and take measures to mitigate them. But sometimes we choose to accept the risk.

Accepting risk is not a bad thing. Quite the opposite. Without risk acceptance, there would be no innovation. The reservoir of great ideas would dry up and bankers would have to make ends meet with mere six-figure bonuses. Risk acceptance is the grown-up thing to do. “We understand the risk, and chose to accept it. It’s the cost of doing business.”

But the question is whether some of the risks businesses accept are “unreasonable”. Like creating a toy that captures children’s information, such as their name, address, birthday, photo, parents’ details, and allergies – then taking this information and putting it on an insecure website. We don’t mean a website that is accessible over HTTP minus the S. But a website so insecure that it makes OWASP training websites look ‘military grade secure’ by comparison.

Thankfully though, whenever a company is breached and millions of customer records are exposed – a company can merely shrug and say sorry. All the while assuring everyone that they ‘take security seriously’. Customers don’t like it. Troy Hunt will upload the data to haveibeenpwned.com and the world will grit their teeth and take it. This is the seedy world of corporate risk acceptance. The terrifying underbelly of cyber-actuarial tables (if such a thing exists).

The point is that you can’t innovate and deliver new functionality to customers by building a secure website. Or waste precious time ensuring your hardware is hacker-proof. If you do, your competitors will have leapfrogged you. Not to mention, no customer would want to pay a premium on your offering just because you say it’s more secure than the others.

Or maybe the real question is “how secure do I need it to be?”.

(Cross-posted from HostUnknown.tv)

A day with Troy Hunt

I found myself driving to meet someone I only knew from the internet. You never can be sure how these things will pan out. Luckily for me, I was meeting Troy Hunt.

If you don’t know of Troy, he is a super cool guy from Australia. Which means he uses the word “mate” a lot and likes Vegemite.

I’ve followed Troy’s blog for several years and have learnt many things from his technical insights. It’s no exaggeration that there isn’t a single other blogger from whom I’ve learnt so much.

So, when I found out he was visiting the land of Her Majesty, I could not let the opportunity to meet pass me by.

A few things I learnt from this meeting with Troy:

1. He is a genuinely nice guy.

2. He is considerably taller than his profile picture will lead you to believe.

3. He hates the EU cookie law with a passion!

Check out the video for a glimpse of some of the conversations we shared.