Unscrewing Security

RSSSubscribe to this blog
About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

Contact Author

Email Alec

Twitter Profile

Linked-in Profile

Recent Posts

Security Events To Watch: 44Con London Security Conference

Bowler Hat Briefings?

I've long thought that the UK needed a real security conference; for years we've had the booth-bunny fest that is Infosec where you get to see anti-virus pitchmen working the crowd like the guy at my saturday market vegetable stall;...

Tags: 44con, conferences, dc4420, hacking, london, security

An indictment of humanity's woeful security...

Careful how you speak

I read articles like this and I fume: Only hours after embarrassing the CIA by downing its website, hacking jokesters LulzSec have issued another self-declared indictment of the Internet's woeful security, leaking a database of 62,000 stolen passwords and user...

Tags: internet, lulzsec, security

Apple malware is a foreign country...

...they do things differently there

Picture this: some monstrous creature out of a fairy tale arrives at your house, knocks at the door, is let in, and abducts your wife away to the circus. What do you do? Well, if you're PCWorld or some of...

Tags: antivirus, apple, malware, security, windows

Metricating (Cyber) Security

What's your yardstick?

A forensics friend - Jon Care - pinged me on Instant Messenger last night: Him: Do you remember your "Corporate Security Index", inspired by Dilbert?Me: Rings a faint bell. Did I write it?Him: You wrote "8.6" on a bit of...

Tags: cybersecurity, metrics, security

The War On Information Access

If we can't ban it, we'll stop you getting at it

Information is only useful when it can be accessed at which point it becomes something entirely other - music, video, evidence, or even knowledge - and to do this there is a three-step process: You discover the information - by...

Tags: censorship, dhs, firefox, ice, mafiaafire, security

The Security Backlog

All the stuff that I should have covered whilst wishing I was dead

Everything was going so well at Dunhacking, but a dodgy Brick Lane curry eaten at the a market stall whilst attending LinkedGov Hackcamp flattened your correspondent for 10 days, and since then the backlog has been too terrifying to address...

Tags: android, bsides, cybersecurity, dc4420, hacking, iphone, security, tomtom

#practical #dropbox #security #advice

How about checking your security settings?

Everybody loves Dropbox - but I was wondering how long it would be before somebody posts an exposé - and thus Derek Newton writes in his blog: Under Windows, Dropbox stores configuration data, file/directory listings, hashes, etc in a...

Tags: authentication, dropbox, hacking, panic, security, twitter, wisdomofcrowds

Like the Universe, Cyberspace is boundless...

...therefore might we spend an infinite sum of money on it?

Last Thursday I attended the British Computer Society Meeting the Cyber Challenges of 2012 conference. Over the course of the day there were some epic quotes - to give a flavour: "You have a cryptographic failure, and then the terrorists...

Tags: bcs, cybersecurity, cyberwar, government, ocsia, security

Podcasts and Videos for the bored Security Geek

fill your brains with audio-visual security goodness

"So, you go to the gym and work out, listening to security podcasts... ?" "Yes, yes I do." "Mmm. Explains a lot." This week I have been thrilled to discover the RB2 AusCERT security podcasts from last year... and yes,...

Tags: bcs, cybersecurity, cyberwar, exercise, security

Skype is great, but should you bet your freedom on its security?

"Answer hazy, try again later"

I should start with disclosure: on March 15th Privacy International (PI) posted a press release calling upon Skype to respond to what they call mounting security concerns regarding Skype's core product. I saw a draft of this press release because...

Tags: certificates, china, cryptography, hacking, interception, security, sophos