While I was at the National Hack The Government hackday, I was interviewed by Chris Vallance - an amazing radio producer with the BBC. We spent quite a while talking about my findings of unsecured Government websites. It was a wide ranging chat, looking at spam, security, and the long term future of .gov.uk and…
Continue reading →
I've an interesting use-case, that I don't think is met by Android. I want my tablet to have access to my Google Play account but not have access to my emails. I recently acquired a cheap Android tablet to act as a remote control for my entertainment equipment. The tablet sits in my lounge where…
Continue reading →
Queen of the geek scene Emma Mulqueeny has recently been asked to sit on Speaker's Commission on Digital Democracy. They're currently soliciting for comments on the question: The system of laws and law-making in the UK is complex, but is that inevitable given the highly developed and interconnected society which laws regulate? Should you need…
Continue reading →
This post is sponsored by eBay. I've been asked by eBay to put together a series of collections. As an international trend-setter*, it is my sincere pleasure to gather up the best that eBay has to offer. For example, here is a collection dedicated to the Galaxy Note 3. It's a mixture of kit I've…
Continue reading →
It has been an intense few months digging through the security failings of the UK Government’s websites and trying to responsibly disclose them. It culminated with a week of blog posts exposing the vulnerabilities - and an award winning hackathon project. So what has been the reaction? The Good Privately, I've been contacted by people…
Continue reading →
What a crazy weekend! I made the last minute decision to attend Rewired State's "National Hack The Government 2014" hackathon. Rather than hack on any of the provided datasets, I wanted to work on an interesting way to present all the security flaws I had found in Government websites. I teamed up with Mark, Marcello,…
Continue reading →
Having recently moved house, I have become very aware of which companies have modern back end systems. The most top-notch ones let me log on to their website, fill in a form, and all the address changes are made. A few required me to ring up and speak to a human being, which was a…
Continue reading →
This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from…
Continue reading →
This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running…
Continue reading →
This is part 3 of a series of blog posts looking at the security of the UK Government's web infrastructure. Britain's National Health Service is riddled with old and insecure WordPress-based websites. Many of these sites have severe flaws including being vulnerable to XSS attacks. There is absolutely no suggestion that patient data or confidentiality…
Continue reading →