10 infosec conversation starters

I recently had my 17th anniversary… which is almost as long as I’ve been working in information security.

Information security is great for communication, and communication is great for all relationships and friendships.

Exploiting browser password logins

The cool researchers over at Freedom to Tinker found two scripts that exploit browsers’ built-in login managers to retrieve and exfiltrate IDs.

Below is the email I sent, and the reply from OnAudience.

The script that OnAudience uses can be found here.

If you have time, check out this tweet thread between Carl and AntiSocial Engineer as they discuss the law vs what happens (or should happen) in reality.

Meltdown

If everyone and their dog is talking about Meltdown and Spectre, then it would be negligent of me to not keep up with all the cool kids.

Website for the vulnerabilities: Meltdown Attack

Google Project Zero blog

NCSC’s advice

Linus Torvalds statement

Security Terminology

Work in one industry for long enough and you end up speaking an entirely different language altogether. This isn’t necessarily a bad thing; in many cases it’s convenient and allows rapid communication amongst peers.

However, in information security we need to be mindful when communicating with non-security, or even non-technology, users and simplify the messaging as much as possible.

To put my theory to the test, I gathered a bunch of frequently-used terms and asked my non-tech friend if he could decipher what they meant.

Of course, many users would never even feel the need to use or understand some of the terms, but I threw them in there just for fun.

Welcome to 2018

I thought I’d kick off the new year by poking around the news stories; surely not much could have happened. But quite a lot did, unfortunately.

In the video are the top 3 stories or headlines that caught my attention, but more importantly, I think we should make a pact to stop using these buzzwords this year.

My current suggestions are to replace these words as follows:

Machine Learning = Magic
AI = Witchcraft
GDPR = The MacGuffin

Hope you have a great 2018 ahead of you.

Infosecurity Magazine: look back over the year

Honoured to be the guest editor for Infosecurity Magazine yesterday.

It was a day of fun which involved several things:

1. The announcement was made, which included this video

2. I took over their Twitter account for an hour (brave of them)

3. I submitted a guest editorial

4. Had a Q&A with the real editor, Eleanor Dallaway

All in all, it was a great day and I ended up appreciating Eleanor’s job a whole lot more!

BSides Lisbon

It was my first time in Lisbon, it was my first time keynoting at a BSides… what could possibly go wrong?

Thanks so much to the whole team and attendees at BSides Lisbon for a fantastic event!

You can read my full writeup on the event over on my AlienVault blog. It includes a link to my entire keynote.