Standing for the OWASP Board

I have formally submitted my name to be in the Board Elections 2014. I am standing for: Reforming the Board. We need to improve the independence, ethics and dispute resolution processes. I will be a root and branches reformer to encourage the Board to make a couple of the positions available to truly independent directors. […]

So your Twitter has been hacked. Now what?

So I’m getting a lot of Twitter spam with links to install bad crap on my computer. More than just occasionally, these DMs are sent by folks in the infosec field. They should know better than to click unknown links without taking precautions. So what do you need to do? Simple. Follow these basic NIST […]

El Reg and the troubling case of climate denialism

This post is a last resort as I’ve had two comments rejected by the moderators at The Register, one of my favorite IT news websites. Lewis Page is a regular contributor to the Register. For whatever reason, around 50% of his total output there is (willful mis-) reporting on various papers and research on climate […]

Marketing – first against the wall when the revolution comes

A colleague of mine just received one of those awful marketing calls where the vendor rings *you* and demands your personal information “for privacy reasons” before continuing with the phone call. *Click* As a consumer, you must hang up to avoid being scammed. End of story. No exceptions. Even if the business has a relationship […]

Responsible disclosure failed – Apple ID password reset flaw

Responsible disclosure is a double-edged sword. The Faustian bargain is I keep my mouth shut to give you time to fix the flaws, not ignore me. I would humbly suggest that it is very relevant to your interests when a top security researcher submits a business logic flaw to you that is trivially exploitable […]