Posts Tagged ‘security’

At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. […]


CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling […]



This was a warm up for a presentation I’ll be doing at AppSec USA later in the year. I got some good feedback on the night, but if you have more then please make a comment below.


The dust is starting to settle now in the wake of Heartbleed[1] – those that are going to fix it have already, other servers that are suffering from the issue will remain vulnerable for years to come. It’s time now for reflection, so here’s mine. I was on a family vacation when Heartbleed was announced, and […]


Update (13 Mar 2014) – this presentation is also available on YouTube I did a presentation at the open source hardware users group (OSHUG) last night. Click to the second slide to get the TL;DR version: With more time I’d like to get some quantitative material on the memory footprint of various cipher suites and […]


I got an email from my bank yesterday telling me that they’re rolling out two factor authentication (2FA) to protect their my money from fraudsters. It looks like a pretty standard one time password (OTP) based scheme that will have a choice between mobile and physical tokens. They’re being pretty inflexible about the deployment model […]


For those of you wondering what I do in my day job:


My New Job

04Mar13

I’ve started a new job as CTO for CohesiveFT. It’s a great company with a great team and some great products and services. As I’ve known many of the people since before the company was founded this post could be subtitled ‘a brief history of CohesiveFT’. The people and pre-history Alexis Richardson was the instigator. […]


This is a long overdue reply to Chris Hoff’s (@Beaker) ‘Building/Bolting Security In/On – A Pox On the Audit Paradox!‘, which was his response to my ‘Building security in – the audit paradox‘. Hopefully the ding dong between Chris and I will continue, as it’s making me think harder, and hence it’s sharpening up my […]