Certified in The Art of Hacking - Day 5


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Verdicts Some of the lab tasks were impossible without looking at the cheat sheet. I got stuck on one…

Continue reading →

Certified in The Art of Hacking - Day 4


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! The penultimate day. Try not to worry about the upcoming exam! Today was lots of HTTP, TLS, and other…

Continue reading →

Certified in The Art of Hacking - Day 3


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 3 - the day I was dreading most of all… Windows! I've been avoiding M$ WinDoze (LOL!!!) since…

Continue reading →

Certified in The Art of Hacking - Day 2


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 1 was all about password cracking and metasploit. Today? Linux Hacking! Sadly, we aren't learning anything to do…

Continue reading →

Certified in The Art of Hacking - Day 1


Logo for QA's certified in the art of hacking course.

As part of my MSc, I have to take three "Professional Practice" courses. The course provider, QA.com, let me choose anything from their online catalogue. The first I'm doing is Certified in The Art of Hacking. As regular readers will know, I'm pretty reasonable at hacking. I have received bug bounties from Google, Twitter, Samsung,…

Continue reading →

Creating a public, read-only calendar


A bright and easy to use weekly view of my diary.

Last year, I blogged about why I make my work calendar public. It is useful to have a public website where people can see if I'm free or busy. But the version I created relied on Google Calendar which, sadly, isn't that great. It doesn't look wonderful, especially on small screens, and is limited to…

Continue reading →

Book Review: Permanent Record


Edward Snowden, a geek in glasses, looks away from the camera.

Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.

Continue reading →

Book Review: Helpful Hackers


A locked gate.

The Netherlands is a world leader in responsible disclosure. The Dutch like to resolve conflicts through a process of general consultation: the famous ‘polder model’. In this book, we hear from the hackers, system owners, IT specialists, managers, journalists, politicians and lawyers who have been key players in a number of prominent disclosures. Their stories offer a glimpse into the mysterious world of cyber security, revealing how hackers can help us all.

Continue reading →

Who can I hire to hack me?


GitHub screenshot "Insert your security key Press the button on your security key device to finish signing in. If it does not have a button, just re-insert it."

I use a password manager. I have 2FA set up on everything. When an organisation asks me to set a recovery question, I generate a 32 character passphrase. I don't use my mother's maiden name or my first pet's birthday on anything sensitive. I monitor my email addresses for breaches, and I regularly check my…

Continue reading →

Tado API Guide - updated for 2019


Debug screen of a web browser.

Tado is a brilliant smart thermostat. But their API is very poorly documented. This is an updated guide for 2019. I am indebted to Stephen C Phillips' original documentation. Getting started You will need: A Tado (duh!) Your Username (usually your email address) Your Password A Client Secret Getting the client secret I'm using this…

Continue reading →