Configuring for security, privacy and convenience

Balancing security, privacy and convenience is not easy. I've spent quite a lot of time figuring out how to configure my various computer systems with this goal in mind. Computers are supposed to make our lives more convenient and you sometimes have to trade privacy for convenience e.g. Outlook processing emails to allow you to … Continue reading Configuring for security, privacy and convenience →

Should companies be required to publish security reviews?

Many incidents of fraud occur not through cards being physically stolen, but through breaches in security at the shops we buy products from. Should companies be required to publish security reviews?

Email is not a good database

Email is insecure. Anything of any importance should be saved somewhere else. It's not a good database, so shouldn't be treated like one.

Cyber security and leaving the door unlocked

When it comes to insurance, it’s the same as locking up and installing an alarm

We’re still in v1.0 of the cyber security industry

Unlimited attack surfaces. Users not paying attention to basic security practices. Vague vendor promises. It looks like a very immature landscape where things are just getting started.

The state of secure, encrypted messaging

Everyone should have an expectation of being able to communicate with someone else in a verifiably secure manner. I have a particular fascination with secure communications and encryption and I’ve spent a lot of time thinking through my own pragmatic approach to secure messaging. This is my write up of the current state of things … Continue reading The state of secure, encrypted messaging →

Home Office Investigatory Powers regulations consultation response on encryption backdoors

This is my response to the UK Home Office consultation on the Draft Investigatory Powers (Technical Capability) Regulations 2017, not published online. The draft regulations imply that, once passed, there will be a legal requirement for communication providers to build backdoors into encrypted or otherwise secured systems so that the security services can access messages in real … Continue reading Home Office Investigatory Powers regulations consultation response on encryption backdoors →

How To Prepare For A Cyber Attack

There's no predicting when a cyber attack might come, whether it be in the form of a DDoS, a virus, malware, or phishing. It's therefore important to be constantly vigilant, and prepared for incidents when they do occur.