Misleading Certificates

Posted by Robert Schifreen on March 12, 2016

I’ve been training people in security awareness for a long time now. It’s how I make my living. One of the topics I always cover is how to use the web safely. You’ll notice that I refer to using the web, rather than browsing it. That’s because the web nowadays is a two-way process. We […]

CISSP Study Guide Reviewed

Posted by Robert Schifreen on January 7, 2016

I’ve always been a bit cynical when it comes to professional IT qualifications.  They have their values, for sure, but you need to be sure that the certification you’re studying for, or recruiting against, isn’t merely a marketing ploy by a vendor.  Sure, you can be pretty confident that someone with a Microsoft or Cisco […]

Nessus Cloud

Posted by Robert Schifreen on November 27, 2015

As the saying goes, you can’t manage it if you can’t measure it.  In the field of IT security we can extrapolate that to “If you don’t pentest it, you can’t secure it”.  Because in order to secure a system, you really need to know where the weaknesses are. A couple of months ago, I […]

On SQL Injection

Posted by Robert Schifreen on October 23, 2015

I spent some time last weekend building a new web server. Actually, I lie. I spent pretty much all weekend building it. I haven’t named it yet but this machine will probably be the exception to my normal rule of calling machines after Radio 4 shipping forecast areas. This one, because it wasn’t built in […]

Crypto Is Hard

Posted by Robert Schifreen on October 23, 2015

There’s much talk in the media at the moment about the latest attack on telecoms company TalkTalk.  The company says it’s possible that information on all of its 4 million customers could have been stolen by hackers, and the information includes bank and credit card account data.  It also sounds as if the information was […]

Warning – Broken Firewall Ahead

Posted by Robert Schifreen on August 8, 2015

I’ve spent the past couple of days trying to make a Billion router (specifically a model 7800DX) act in a vaguely secure manner.  This has proved way more difficult than it should be, and I think it has some worrying implications for anyone who uses this hardware in the expectation that it’s protecting their network. […]

Don’t Hinder Trust

Posted by Robert Schifreen on May 17, 2015

As security professionals, we continually warn users of the dangers of clicking through to suspicious websites.  Or at least, we should do.  Defining “suspicious” is not easy, and we all have our own way of dealing with that.  I, for example, generally start by explaining the benefits of never entering personal data into a site […]

The Sticky Problem Of Public Passwords

Posted by Robert Schifreen on May 2, 2015

Close your eyes. Let me take you back in time for a moment. It’s 1985. I’m into hacking and you’re an IT manager. You ask me how I manage to break into all those computers. Is it, you wonder, because I’m a really clever hacker who knows how to defeat the technology?  Actually, no. It’s […]