Winning the Popularity Contest

Recently I took a look at a new social media/dating website and noticed an interesting feature – the site had a sort of “popularity contest” which runs every 30 days. Users vote on other users, scoring them out of 10, and whoever gets the most points wins their place at the top of the highscore table as officially the “Hottest Member”. So naturally I wanted to win!

A Noob Installed BSD

The year is 2017, the year of BSD on the desktop…at least for me it is. Now as anyone who reads this site regularly will know, I’m pretty good with these computer thingies. However – plot twist – I’ve never run BSD before. I use Mac OS X on a MacBook I have definitely voided the warranty on for my personal computing, and I use Linux, Fedora Security Lab, for the day job. So I’m not afraid of a command line, but at this stage I don’t even know what kind of command line I’ll get with BSD!

Vulnerability Assessments vs Penetration Tests

I occasionally see the terms Vulnerability Assessment and Penetration Test used interchangeably, or worse, phrases such as “Automated Penetration Test” – something that really pains me, as these are very distinct types of assessment. In this article I’d like to show the distinctions between the different types of assessment. Setting aside any argument over specific terminology, I aim to explain the different approaches that can be taken and the aims of each – regardless of what you choose to call them. I aim to help companies engage with their security assessment providers, to ensure that the service they’re getting is what they are expecting and that they are aware of the alternatives.

TLS/SSL Vulnerabilities

“Which SSL ciphers should I disable?”

A client recently gave me a list of their supported ciphers and asked me which SSL ciphers they should disable – effectively looking for the most secure SSL ciphers they can use. Instead of the fast answer of “disable the insecure ones”, I thought I’d try to write up something useful.

So here’s a handy reference guide I’m working on. This has been time consuming to develop and no doubt will be added to over time. This isn’t intended to be read from start-to-finish, but is more of a handy SSL/TLS issue cheat-sheet.
