Becoming a thought leader is the epitome of professional success. But "thought leader" isn't a title that one attains by going to Harvard or Cambridge. No, it's a title bestowed by your peers.

So how does one become known as a thought leader? Simple: just watch this video and follow the awesome advice given by me and @SpaceRog.


I’m truly honoured to have been invited to keynote at Bsides Lisbon this year on November 10th.

It'll be the first time I've visited Portugal, and the first time I've keynoted at a BSides. Ordinarily I'd probably be feeling a bit apprehensive about speaking at a conference that I haven't even attended, let alone keynoted at.

But that’s one of the great things about BSides events – no matter where in the world you attend them, they have a familiar sense of community that welcomes you. Even if you walk in knowing no-one, you are sure to end the day having made half a dozen new friends.

So, it may be the first time I’ll be in Portugal, and the first time I’ll be attending BSides Lisbon – but it feels oddly familiar.

Hope to see you there.

Someone asked me if there are any unusual or legitimate uses for ransomware.

If you break down what ransomware is, it's just encryption. But it's more like "surprise" encryption, where someone else does the encrypting and keeps the key.

So, I present five unorthodox ways to use ransomware in this video.

However, if you want to learn more about ransomware, and in particular open source ransomware, much of which is freely available on GitHub, then I recommend watching the BSides London talk by Chris Doman on why sharing isn't caring.

T-shirts are among the most popular giveaways at security conferences. They’re great, practical, and serve as walking advertisements.

But if you go to enough conferences, you’ll usually find yourself accumulating far too many shirts.

There are only so many shirts you can wear when working out, doing DIY projects, or using as rags to clean up spills.

I was looking for easy (no sewing involved) ways to upcycle some shirts, and this video shows what I came up with.

When security researcher Leigh-Anne Galloway (@L_AGalloway) recently found a vulnerability in Myspace, my first thought was amazement that Myspace still existed.

It’s one of the sites that seems to have been lost in the digital abyss, like tears in the rain.

The details of the vulnerability (which appears to have been fixed now) can be found here:

While it's easy to poke fun at an ancient website with a security flaw, there can be serious consequences. Older sites like Myspace form something of a digital cemetery. Except the data isn't dead; it's just abandoned.

So what happens when a website that was once heavily used is abandoned? In these situations, the best thing would probably be for the website to shut down altogether.

However, in many cases a website like Myspace limps along, sometimes trying to reinvent itself, other times acquired by a larger company, stripped of its assets, and thrown into the corner.

Without regular maintenance or monitoring, such websites can easily become derelict, like a building with a leaky roof, occupied only by squatters.

The onus is on any website operator, regardless of popularity or relevance, to maintain good security, particularly around registration, forgotten-password flows, and dormant accounts.

The lack of maintenance can expose the data of legitimate users of the service. The impact could range anywhere from a mild inconvenience, to embarrassment, to being leveraged for a full-on attack.

As users, we have little power over how a website is maintained. But if one has stopped using a service, one should look to move off and delete any and all data that may be on there. It is usually not sufficient simply to disable or delete an account, as in some cases accounts can be reactivated.

It’s an interesting situation that is new to a generation of internet users. What digital ghosts will haunt a generation in their retirement from posts they made when they were full of youthful exuberance?

Spent a day with the BBC, and hosted a tweetchat. Just an ordinary day, no biggie. Link to the tweetchat moment:

The tweetchat blog isn't out yet, but keep an eye out for info.

One man, two conferences, three days.

The conferences

My band, Host Unknown

It's a parody, deliberately intended to be as bad as possible, as a form of artistic expression depicting the state of security in the world today, set against the backdrop of the rise of ransomware, and seeking to answer the mysteries of humans, life, and the universe.

A theory based on macroeconomic factors. Clearly, bad people who want to do bad things will always find a way.

Definitely not talking about Petya

If you were asked to pay a million dollars to get your files back… would you?

If you don't know Wolf Goerlich, you should check out his YouTube channel. He started less than two years ago, making short security videos during his commute to work.

This method of using his commute time for something practical, coupled with his consistency, has allowed him to build up a large collection of, well, effectively free consultancy.

I think I can learn from these traits… and possibly apply them to security.


Whenever a calamity befalls us, it's only natural for people to try to rationalise it and identify the problem.

That is now happening with the WannaCry ransomware outbreak that affected the UK's NHS and other organisations in over 100 countries: people are discussing what should have been done to prevent it.

On one hand, there's an ongoing debate about responsible disclosure practices. Should the NSA have "sat on" vulnerabilities for so long? Because by the time the Shadow Brokers released the details, it left only a small window for enterprises to upgrade their systems.

On the other hand, there are several so-called "simple" steps the NHS or other similar organisations could have taken to protect themselves. These would include:

  1. Upgrading systems
  2. Patching systems
  3. Maintaining support contracts for out-of-date operating systems
  4. Architecting infrastructure to be more secure
  5. Acquiring and implementing additional security tools

The reality is that while any of these defensive measures could have prevented or minimised the attack, none of them is easy for many enterprises to implement.

… Read the rest of the post here

I work from home. To some this seems like the ideal situation, and in many ways it is. My commute to the “office” takes 30 seconds, I never get caught up in traffic, there’s always good food, and I don’t have to worry about what I’m wearing.

But there are many downsides to a home working arrangement too. You need to be self-disciplined and maintain a routine, otherwise you can end up working all hours of the day and night.

Cabin fever also begins to set in. There’s literally nothing new to talk about with the family. There’s no walking through the door in the evening and asking the family how their day was. Because you are with them all day and know exactly how eventful or not the day has been.

Perhaps the one thing I miss the most is the social interaction you get when working in an office. Sure, communication tools are great: you can email, instant message, or video call colleagues. But it doesn't replace the casual banter by the coffee machine, or being able to bounce ideas off each other quickly and easily.

When you work from home, it's very easy for the family to forget that you're working. After all, to the untrained eye, all you are doing is sitting and staring at a computer all day long. So it becomes very easy for them to ask you to run a quick errand to the shops, or to agree to a school meeting without checking first. Or, worst of all, to interrupt you when you're deep in thought on work or in the middle of an important conference call.

To combat this, I've tried different techniques to signal when I'm busy, so as to keep the kids from making me a viral sensation. I'd be lying if I said my techniques have been 100% effective. So I'm interested in hearing from other home-workers what has or hasn't worked for you.

There's a lot going on in the world about governments snooping on citizens, and hacker groups trying to gain control of your Facebook.

While these are genuine concerns, they probably shouldn't be the biggest worry for most citizens. It is always easier to point the finger at a boogeyman and blame all your woes on it.

Rather, let's turn this around and see what we can do to better protect ourselves and those around us.

I'm by no means advocating shunning technology altogether, but rather being more mindful of what you are sharing online and with whom. When you need to fill out an online form in order to get internet access, do you really need to answer everything truthfully, with your real name, address, and date of birth? Do you really need to share details of all your holiday plans in advance?

What about privacy settings on social media? Does it really need to be completely open to the public?

It requires a bit of discipline, and it won't work in every instance, but by taking a few steps and building them into your online habits, you can take back a bit of control over your privacy.