Introduction Thinkst’ers have spoken at a heap of security conferences across careers spanning decades, and yet last year (2017) was the first time any of us actually attended RSAC (https://www.rsaconference.com/), when I attended the expo (almost accidentally). At the time I was surprised by a bunch of things, from its insane size to the bizarre vendor shenanigans. As I walked the expo floor I asked an array of vendors if they felt the show was worth it for them. The …
Author: haroon meer
(Guest post by Ollie Whitehouse) tl;dr Thinkst engaged NCC Group to perform a third party assessment of the security of their Canary appliance. The Canaries came out of the assessment well. When compared in a subjective manner to the vast majority of embedded devices and/or security products we have assessed and researched over the last 18 years they were very good. Who is NCC Group and who am I? Firstly, it is prudent to introduce myself and the company I …
(Guest Post by @marasawr) Author’s note : international law is hard, and these remarks are extremely simplified. Thinkst recently published a thought piece on the theme of ‘A Geneva Convention, for software.‘[1] Haroon correctly anticipated that I’d be a wee bit crunchy about this particular ‘X for Y’ anti-pattern, but probably did not anticipate a serialised account of diplomatic derpitude around information and communications technologies (ICT) in international law over the past twenty years. Apparently there is a need for this, …
The anti-pattern “X for Y” is a sketchy way to start any tech think piece, and with “cyber” stories guaranteeing eyeballs, you’re already tired of the many horrible articles predicting a “Digital Pearl Harbour” or “cyber Armageddon”. In this case however, we believe this article’s title fits and are going to run with it. (Ed’s note: So did all the other authors!) The past 10 years have made it clear that the internet (both the software that both powers it …
Here’s a quick, informal guide to deploying birds. It isn’t a Canary user guide and should: be a fun read; be broadly applicable. One of Canary’s core benefits is that they are quick to deploy (under 5 minutes from the moment you unbox them), but this guide should seed some ideas for using them to maximum effect. Grab the Guide Here (No registration, No Tracking Link, No Unnecessary Drama) If you have thoughts, comments, or ideas, hit us back at …
We have been talking a fair bit over the past few years on what we consider to be some of the big, hidden challenges of information security [1][2][3]. We figured it would be useful to highlight one of them in particular: focusing on the right things. As infosec creeps past its teenage years we’ve found ourselves with a number of accepted truths and best practices. These were well intentioned and may hold some value (to some orgs), but can often …
A few days ago, @jack (currently the CEO of both Square && Twitter) posted a pic of his iPhone. [original tweet] It struck me as slightly surprising that both Square & Twitter could be using Gmail. Both companies have a ton of talent who deeply understand message delivery and message queues. I wouldn’t be at all surprised if both companies have people working there who worked on Sendmail or Postfix. On some levels, Twitter competes with Google. (if Google Pay …
A Quick Overview of our Canary Product – Check it out at https://canary.tools …
This year we gave a talk at BlackHat titled: Bring back the Honeypots. You can grab a quickly annotated version of the slides from [here] As usual, we had waaaaaay more content than time (which should have been expected with about 142 slides and multiple demos), but we like to live dangerously. The linked slides are annotated, so you should be able to gather the gist of our thoughts, but some of them (especially the demos) do require their own …