essay

Why the PeopleSoft Victims Were Scanned and Not Chosen

ShinyHunters found exploitable PeopleSoft servers by scanning the internet for reachable instances. With no fix available until after the attacks began, exposure determined the victims.

Reading the 2026 DBIR Beyond the Patching Headline

Everyone is quoting the DBIR's headline stat about vulnerability exploitation. The findings that should change how you prioritise are further in.

CISA's New Patching Directive and Why It Matters

CISA's BOD 26-04 ditches CVSS-based patching for a risk-based model. Here's what it means if CISA doesn't govern you.

How to Outwit Attackers with Cyber Deception

What a magician's toolkit can teach you about keeping attackers away from what matters.

My Rules for Work

Things that I find make things better when working with colleagues

Back to Blogging

After a long break, I'm back!

Private Key Compromise

Private Key Compromise

Confessions of a Public Speaker - Scott Berkun

Confessions of a Public Speaker - Scott Berkun

Server Gate Cryptography secrets

Certification Authorities (CAs) offer two types of SSL certificate, but which should you use?

Invasion of the Not Quite Dead Trailer released!

IndywoodFILMS presents 'Invasion Of The NOT QUITE Dead' teaser promo...

Time Travellers

Time Travellers

DDOS on Twitter - happening now!

Twitter.com is currently down. Status.twitter.com reports that they are currently fighting a DDOS attack.

Blogging in the real world

Blogging in the real world

Invasion of the Not Quite Dead

Filmmaker Antony Lane is attempting to revolutionize the way films are funded here in the UK, by putting some life back into an almost dead film industry.

Edinburgh's Graveyard Disgrace

I'm sometimes ashamed to walk through Edinburgh's graveyards because of the state of disrepair they have fallen in to over the past few years.