Blog Posts

(Waaay overdue) 2013 – the year in review..

At the end of last year we did BlackHat's 2013 year in review. It was a webcast (which means you are spared seeing our faces, but not from hearing our voices or seeing our slides). Although it's probably slightly dated, we think there's some value in it for those who didn’t dial in. You can grab a copy of the slides in PDF here, and can watch the video below (talk starts at 2m07s). PS. We know it’s dreadfully late to post

What the Snowden leaks mean for South Africa

Our ITWeb Security Summit keynote this year covered the Snowden Leaks from a South African point of view. Our talk was based on ideas we articulated in an op-ed piece for Al Jazeera last year, titled: “Silicon Valley, spy agencies and software sovereignty”. ITWeb has already uploaded the video (Go ITWeb!) – Below you can grab a version of the video, with the slides added as an overlay (if nothing else, it makes the nasal voice more bearable)

Phish your company, before someone else does!

Today we are happy to release to the public: http://phish5.com. Simply, Phish5 is Phishing as a service. It allows a fairly unsophisticated user to phish users in her organization, quickly, easily and from the comfort of her own browser. Why would we do this? In the past year, a host of high-profile news organizations were phished, and then publicly spanked. The attack that compromised the AP’s Twitter account [Verge] even led to a visible dip on the Dow.

Introducing Consli, easy scheduling and feedback for conference organisers and attendees

The number of security conferences shows no signs of slowing down, feeding an ever-growing appetite for talks, presentations and content. If you’re anything like us, both attending and speaking at conferences is part and parcel of your job, even if it’s one event per year. In the absence of publication channels available in other disciplines such as good quality journals, security researchers have the option of blog posts, ezines such as Phrack, mailing lists or conferences. Many choose to go

ThinkstScapes 2013-AH1: On the China report

The Mandiant APT1 report that was released a week ago has been causing some consternation, which makes it a ripe topic for our ThinkstScapes service. This morning, we issued an ad-hoc update to our customers containing our views of the APT1 report. In short, the data is interesting, but does not conclusively point to Unit 61938. There are too many open questions to justify the finger pointing. Take, for example, the markers released for the APT1 group. The report does

Your company's security posture is probably horrible (but it might be OK).

The past few years have provided us with a number of high-profile hacks and data breaches. In 2010 Google famously announced that they were hacked and put out details on the compromise (later dubbed the Aurora incident). In the months that followed, it became clear that Google were not the only Aurora victims. Companies in almost every sector from DuPont to Disney were also breached (but were less forthcoming on the details). If these companies, widely lauded as having

Introducing.. Signalnoi.se

This post is about 6 months overdue, but we have been busy with a whole bunch of interesting projects (which always manages to dent blogging time). One of these projects is http://signalnoi.se. We formed Thinkst to work on difficult, interesting problems, and while working on security problems for a well-known media organisation, we bumped into (a surprisingly common) problem organisations have: failing to benefit from the available insights afforded by the real-time social media networks. Signalnoi.se managed to win the Knight Foundation’s News Challenge

Etsy shows established companies the way..

Fred Wilson over at AVC.com wrote a piece on the Etsy offices (in 2010) titled: “The office matters”. In it he explained how “They are getting the best talent in NYC to come to their company” and commented on the importance of paying “attention to the office and the culture” of a company. Around the same time I had written a piece titled “Cargo Cult Startups” in which I posited that too many companies were faking startup culture, keeping draconian

The lamest hacks

A little while back, a colleague of a colleague approached me with a favour request that was hard to refuse (no, not that kind…). They had one of these external hard drives that supports on-drive encryption and, as you will have guessed, had forgotten the password. No more saved business docs, but also no more saved baby pics. “Could we have a look?”, they asked. A brief search online revealed companies who claim to be able to recover passwords for these

Authored with 💚 by Thinkst