Protocol Breaks

Little Bobby Tables. Back in the day – and even today – one of the most common security flaws in websites was “SQL Injection”. It’s where an attacker supplies specially crafted data in innocent-looking form fields which the site then uses to construct a database query, so the data becomes part of the query itself. Or, as XKCD readers …
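The flaw the post describes, as an added example that is not part of the original post: a login check that splices the form fields into the SQL text, beside the parameterised version a practitioner would write instead. It runs against a constructed in-memory SQLite table; the table, the users and the payloads are assumptions for illustration only.

```python
import sqlite3

# Constructed sample data for this example: a tiny users table with
# plaintext passwords (never do this in production; the point here is the query).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The injectable version: the form fields are pasted straight into the SQL.

    Whatever the user typed becomes SQL syntax, so a quote character lets the
    attacker close the string literal and write the rest of the WHERE clause.
    """
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, username, password):
    """The hardened version: a parameterised query.

    The SQL text is fixed; the driver passes the values separately, so a quote
    in the input is only ever a character inside the value, never syntax.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Two classic payloads (hypothetical attacker input, constructed for the demo).
# 1. Comment out the password check:  username = 'alice' --' AND password = '...'
BYPASS_USERNAME = "alice' --"
# 2. Always-true tail in the password field:  ... AND password = '' OR '1'='1'
ALWAYS_TRUE_PASSWORD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, bypass     :", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("vulnerable, always-true:", login_vulnerable(db, "nobody", ALWAYS_TRUE_PASSWORD))
    print("safe, real creds       :", login_safe(db, "alice", "s3cret"))
    print("safe, bypass           :", login_safe(db, BYPASS_USERNAME, "wrong"))
    print("safe, always-true      :", login_safe(db, "nobody", ALWAYS_TRUE_PASSWORD))
```

The comic's `DROP TABLE` payload would not get through `sqlite3.Connection.execute()` in Python, which refuses to run more than one statement per call, but that is a property of this driver, not a defence: the authentication bypass above needs only one statement and works unchanged. The fix is the parameterised query (or an ORM that produces one), not filtering quotes.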

Keeping an eye on your website

I recently got embroiled in a discussion about NHS IT, and commented that people in the NHS need simple, cheap tools to help them keep their heads above water when maintaining systems, not necessarily complex security tooling. One practical example raised was website security, with a quick Google search revealing a number of websites under the …

A Problem Shared

By the end of Friday, the first wave of the WannaCry Ransomware attack was over – a researcher (MalwareTechLab) had, in trying to gain further insight into the attack, inadvertently disabled its worst damage, preventing it “detonating”. The researcher wasn’t working alone – in fact, he was working alongside researchers all across the UK and …

Asymmetric Information in Cyber Communities

What do Points mean? All of our engineering team take part in our sales activity, and I’m unashamedly enthusiastic about this. It gives us real visibility of the market. It establishes a connection with our customers that’s hard to beat. Most critically, it forces engineers like me to keep thinking about the technology we build …

Debugging with Bacon

Debugging is the method for finding and fixing bugs. Bugs are behaviours in a software system which are undesirable and counter to the programmer’s intent. You’d think, given the obvious importance of debugging in providing and maintaining quality software, that it’d be easy to find hundreds of good quality tutorials on the web to guide …

LastPass security notice and tips

Yesterday LastPass issued a security notice. Surevine uses LastPass for some password management activities, including sharing credentials with some partners. Partners are advised:

- We are aware of the issue
- We have issued advice to all our LastPass users
- All our LastPass users were already using strong master passwords
- All our LastPass users use multi-factor authentication …

Top 10 events during #RSAC week

RSA Conference – where the world talks security. RSA Conference is one of the world’s largest conferences dedicated to security and information sharing, and there are events running throughout the week to entice you in. At Surevine, we’ve put together our top 10 events not to miss at #RSAC 2015 …

More Protocol Archeology

A little while ago, I wrote about some of the design principles of IMAP dating back 30 years. Since I recently came across a blog post explaining how slow SMTP is, it occurred to me there was plenty to learn from that too. Internet Mail is a really ancient facility. It dates back to 1971 at …