Blue Team Hackers

This week, Facebook notified its users of its intent to roll out A.I. This includes using content from its userbase – ie, you – as learning material to train it. Meta (parent company of both Facebook and Instagram) describes this content thusly: “Information you’ve shared on our Products and services could be things like:– Posts–… Continue reading Illegitimate Consent

A little while ago, Glenn posed the question: You do phishing tests? Why? I was talking with someone earlier today who is selling something on the Internet, they forwarded me a message they’d received from a potential buyer and asked me, “is this a scam?” To which the answer of course is, “if you find… Continue reading You Do Phishing Tests? Redux

… or, “risk management 101.” Kevin the chicken wants to cross the road. Should he? We can define risk as (likelihood x severity) vs reward. To use a slightly more colourful metaphor, this is broadly “is the brown stuff realistically in danger of hitting the air circulation device, and how widely will it be distributed… Continue reading Why Did the Chicken Cross the Road?

Apparently, three million Internet-connected toothbrushes were recently compromised and used to launch a DDoS attack. This is being widely reported across multiple news (and “news”) sources and it’s been a hot topic on various social media platforms for a day or so. It’s mad, right? But there’s just one problem. It’s not true. There are… Continue reading 3 Million Internet Toothbrushes, Oh My!

(AKA, “Alan Is Running Out Of Ideas For Post Titles.”) A quick recap. In Part 1 we looked at why keeping your personal authentication credentials safe is important. In Part 2 we explored how passwords are increasingly becoming unfit for purpose. In Part 3 we had a brief segue into why people inherently struggle with… Continue reading Password, Smashword

The fourth in an occasional series. If you’re new here I’d recommend starting with Part 1 and working through. It’s not that long, I promise. In my preamble to Part 3 I posited that: “Whatever we come up with the solution is likely to be a password plus [something else] because, realistically, passwords aren’t going… Continue reading Old McDonald Had a Password, M, F, M, F, A.

I genuinely despise trade shows. Over excitable sales people who understand the product or service they are trying to sell, but not the problem it’s hopeing to solve. The “nobody wins” exchange of you giving your permission to be marketed to and suffering a 2 minute elevator pitch for a product you have no intention… Continue reading A little bullshit-free island in a sea of blinky boxes & tight jeans with brown shoes

In Part 1 and Part 2 of this little series we discussed why passwords are simultaneously both critical and pointless. “Schrodinger’s Password,” if you will. Which is all well and good but, now what do we do? Whatever we come up with the solution is likely to be a password plus [something else] because, realistically,… Continue reading What Is It With You And Passwords Anyway?

Following on from Part One Predicting the future is Hard. Bill Gates once apocryphally stated that “640k should be enough for everyone” (spoiler: he almost certainly never said that). One thing he definitely did say however, at an RSA Security conference in San Francisco way back in 2004, was that passwords “don’t meet the challenge… Continue reading Why Your Password Isn’t Important

Recently, a colleague employed by a software company asked me a question. A client of theirs has requested that they amend their software to allow them to set all their users with a single identical password that the users can’t change.  He asked me, “isn’t this a bad idea, and is it even legal?” Let’s… Continue reading Why Your Password Is Important.