Think like a hacker

“You need to think like a hacker.” This was the sage advice being given out by an industry veteran in response to a question about working up the infosec ladder. I started nodding in agreement but then stopped myself mid-nod. Thinking like a hacker is a great statement to make. It can fit comfortably into […]

10 reasons Girl Cynic is better than J4vv4D

A fracas over a fracas and Girl Cynic is out on a mission of world domination.

TVs and the internet of snooping

Much fuss was made when Samsung’s smart TV privacy policy was brought to light by @Xor on Twitter, since it bore an uncanny resemblance to features mentioned in the book 1984. Left: Samsung SmartTV privacy policy, warning users not to discuss personal info in front of their TV. Right: 1984 — Parker Higgins […]

CRASS: Cameron’s Crypto

British PM David Cameron has probably spent many a night fantasising about giving intelligence agencies the ability to intercept and read any form of online communication. Think of the kids, think of terrorism, think of all the problems that could be solved if we had open and transparent communication. You know, like being able to […]

Is there a traitor in our midst?

Usually my research ends up behind the 451 paywall, but I noticed the good folk at Guidance Software have made one of my recent reports ‘free’ to download at their site behind a registration wall. It’s part of research I’m doing looking at the insider threat market and I’d be interested to hear your views […]

CRASS – Look back at 2014

With January 2015 coming to an end and 2014 seeming like a distant memory in the rear-view mirror, I thought it was a good time to reflect upon some of the notable security incidents and the impact they’ve had (if any) in the long term. There were many to choose from – which is great […]

CRASS – Vulnerability Disclosure

After a very slow 2014, Cynical Rants About Security Stuff – or CRASS for short (unfortunate and unintentional) – is my attempt at being more regular in publishing content. The idea is that once a week I’ll ramble for a couple of minutes on any given topic. This week I rant about the vulnerability disclosure process and […]

Cracking wifi passwords with Kali Linux

I haven’t really done a technical walkthrough type video and I now remember why I never did. These things are hard to do and involve two of my least favourite elements of video-making, screen captures and voiceovers. Which is why I always tip my hat to Vivek and his great tutorials over at The […]

The Cynic’s guide to ISO27001

Nearly every security practitioner is familiar with the ISO27001 standard for information security. A lot of companies base their internal security policies on it and third parties use certification to it as a gold standard. But, what do the statements, recommendations and controls actually mean? Working for very large organisations, I learnt them to mean […]

(ISC)2 Congress 2014

This year’s (ISC)2 congress was held in Atlanta, GA. I’d heard of Atlanta being referred to as ‘Hotlanta’ and was warned of the humidity that prevails, but fortunately I caught it at the right time of year, when the weather was quite pleasant. The conference itself appears to have grown over the last two years […]