Blog Posts

ShoulderPad Slashdotted! (and two clarifications)

(because we can’t have enough posts with exclamation marks in them) Our previous post (and research) seemed to go by pretty silently initially and then suddenly was everywhere. Andy Greenberg wrote a piece over at Forbes which really does deserve special mention. Tech journalists so often sensationalize security stories that many security researchers are quite afraid to even talk them. I certainly was, but his piece was fair, balanced and covered all the interesting points. +1 to him. The Forbes

Continue Reading

On-screen Keyboards Considered Harmful

(aka: Shoulder Surfing: There’s an App for that!) We rarely talk about it these days, but shoulder surfing is a pretty old (but reliable) attack. This is why most password prompts are masked. Many modern mobiles (and tablets) however will highlight keys pressed on the keyboard making old style shoulder surfing attacks trivial (and reasonably automatable) again. In an effort to (help) bring back the 90’s we decided to do some fiddling and built a quick app(on top of the

Continue Reading

Simple Graphs with Arbor.js

We recently released a tool at http://cc.thinkst.com to capture and collect infosec conference details. We commented on it [here]. One of the cooler components of it, is the ability to view the relationships between speakers/researchers who have collaborated. This post is a quick introduction to the library we used to build our graphs, with enough info to get you up and running in minutes. As I mentioned, we use ArborJS library which is a a graph visualization library using web

Continue Reading

ThinkstScapes (Quarter One Recap)

In February this year we launched ThinkstScapes as a Security Intelligence subscription service. It was originally aimed chiefly at adding context & clarity to newly published research and conference proceedings. The subscription also catered for periodic updates and commentary via “Ad Hoc” updates. We just wrapped Quarter-1, so figured a quick round-up of Q1 would make sense. Interestingly the adhoc updates turned out to be quite popular with customers (forcing us to pay far more attention to them) and in

Continue Reading

iTried Update (oops)

*oops* We forgot to mention that we updated iTried in the App Store. (iTried is the tiny app that takes a photograph on your Mac whenever the screensaver is disturbed). The new version will allow you to post the pic to twitter whenever it takes one (or whenever it can) which gives you 2 cute possibilities: The ability to remotely see who has been at your Mac The all important ability to track you own haircut over time ;> Check

Continue Reading

(ComputerSecurity) Conference Collecting

We wanted to quickly announce the availability of http://cc.thinkst.com (a resource in need of it’s own domain & a better name.) CC is a simple application that aims to give us a single point where one can search and browse infosec conference talks and materials*. Quick OverviewOne of the cool things about having all of this data in a central db is that we are just as easily able to search by topic (http://cc.thinkst.com/searchMore/foo/) as we are by speaker (http://cc.thinkst.com/searchMore/halvar/)Finding

Continue Reading

Interview with the Infosec Institute

The folks over at the Infosec Network have recently started doing interviews with security researchers. They have interviewed some real rock stars so far ([Charlie Miller], [HD Moore], [Joanna Rutkowska], [David Litchfield], [Matthieu Suiche], [Dan Kaminsky], and [Jeremiah Grossman] ) so i was pretty flattered when they asked me.. My interview is up [here] complete with dodgy photo and embarrassingly bad answers..

Continue Reading

Nothing (really) new under the Sun – Verizon Breach Report..

The Verizon RISK Team has once again released their annual Data Breach Investigations Report. [Grab it Here] Once more, the report makes for interesting reading and this year the discussion point is bound to be the marked decline noted in compromised records (From 361 million in 2008, to 144 million in 2009, to 4 million in 2010). We will kick off a ThinkstScapes adhoc update to customers analyzing the report, but thought one of the interesting points to note was

Continue Reading

What Anonymous taught us about Cyber War

 I wrote a piece on Cyber War, and what the recent HBGary breach teaches us about the current landscape. While I still feel bad for anyone who has their mail spool exposed to the world, the HBGary mails give us an interesting insight into a part of the world seldom seen by all. Check it out [here]

Continue Reading

Site Footer

Authored with 💚 by Thinkst