Blog Posts

Etsy shows established companies the way..

Fred Wilson over at AVC.com wrote a piece on the Etsy offices (in 2010) titled: “The office matters” In it he explained how “They are getting the best talent in NYC to come to their company” and commented on the importance of paying “attention to the office and the culture” of a company. Around the same time I had written a piece titled “Cargo Cult Startups” in which i posited that too many companies were faking startup culture, keeping draconian

Continue Reading

The lamest hacks

A little while back, a colleague of a colleague approached me with a favour request that was hard to refuse (no, not that kind…) They had one of these external harddrives that supports on-drive encryption and, as you will have guessed, had forgotten the password. No more saved business docs, but also no more saved baby pics. “Could we have a look?”, they asked. A brief search online revealed companies who claim to be able to recover passwords for these

Continue Reading

marco@thinkst.com

In 2009 I wrote a post on recruiting and mentioned “the T-shirt Test“. It read: The T-Shirt test is simply to ask yourself: “how will i feel standing at a conference, with this guy next to me wearing my company T-Shirt”. If you don’t like the thought, you shouldn’t make the hire. I still feel strongly about the T-Shirt test, and feel really strongly about the importance of company culture which makes it crazily cool to officially welcome Marco Slaviero

Continue Reading

Penetration Testing considered harmful today

Early last year we presented at 44con with a talk titled: “Penetration Testing considered harmful today“. 44con have just released the video so we figured it was worth a quick recap (for anyone not willing to tolerate the whiny voice!) The original slides (in PDF) are available (here) The central thesis of the talk is that penetration testing has established itself as a necessary activity for securing a network and is now pushed forward by a multi million dollar industry despite

Continue Reading

Penetration Testing considered Harmful Today

(This talk was given at 44Con in London (2010)) Brief details on it can be found here. The point of the next four slides is merely to establish some sort of credibility. Essentially it’s to try and establish that when I talk about pen testing, I do actually have some background in it. This is the central thesis of the talk, and I’ll try to explain why I believe this is true..  In 2010 we wrote a blog post titled

Continue Reading

Chrome Extension for gpg in Gmail

Last month we released an alpha version of cr-gpg. This is a simple Chrome extension to enable gpg functionality in gmail (or Apps for Domains). (If you don’t know what gpg is, you should first read this and this.) Installation : You can grab the extension from [here] and a double click should install it , after the install is completed you should see the image above if you navigate to chrome://extensions : Options : Once you have installed the

Continue Reading

BlackHat according to Twitter

For the first time in a decade I didn’t attend BlackHat USA in Las Vegas. I learned that South Africa in August is much colder than i recalled, but also had the chance to observe the conference from through a twitter-lense. It seemed as if there was more talk about parties, than content so I decided to grab all the tweets i could (#blackhat through the twitter search API) to do some simple grouping*. Whats clear straight off is that

Continue Reading

ShoulderPad Slashdotted! (and two clarifications)

(because we can’t have enough posts with exclamation marks in them) Our previous post (and research) seemed to go by pretty silently initially and then suddenly was everywhere. Andy Greenberg wrote a piece over at Forbes which really does deserve special mention. Tech journalists so often sensationalize security stories that many security researchers are quite afraid to even talk them. I certainly was, but his piece was fair, balanced and covered all the interesting points. +1 to him. The Forbes

Continue Reading

On-screen Keyboards Considered Harmful

(aka: Shoulder Surfing: There’s an App for that!) We rarely talk about it these days, but shoulder surfing is a pretty old (but reliable) attack. This is why most password prompts are masked. Many modern mobiles (and tablets) however will highlight keys pressed on the keyboard making old style shoulder surfing attacks trivial (and reasonably automatable) again. In an effort to (help) bring back the 90’s we decided to do some fiddling and built a quick app(on top of the

Continue Reading

Simple Graphs with Arbor.js

We recently released a tool at http://cc.thinkst.com to capture and collect infosec conference details. We commented on it [here]. One of the cooler components of it, is the ability to view the relationships between speakers/researchers who have collaborated. This post is a quick introduction to the library we used to build our graphs, with enough info to get you up and running in minutes. As I mentioned, we use ArborJS library which is a a graph visualization library using web

Continue Reading

Site Footer

Authored with 💚 by Thinkst