Interview on BBC Radio 4


While I was at the National Hack The Government hackday, I was interviewed by Chris Vallance - an amazing radio producer with the BBC. We spent quite a while talking about my findings of unsecured Government websites. It was a wide-ranging chat, looking at spam, security, and the long-term future of .gov.uk and .nhs.uk. He did a marvellous job of compressing it into a 5-minute piece which should be relatively easy for the lay audience of Radio 4 to understand. You can listen to the…


Can You Power an iBeacon with a Lemon?


Photo of ten lemons wired up to a multimeter.

This is a necropost - resurrected from the now defunct blog of a previous employer. Sadly, most of the photos have fallen down the memory hole. So use your imagination. Energy efficiency is the next battleground for electronics. As the price of electricity soars, people will become less and less enamoured with charging their devices every single day. Even if cold fusion brings us unlimited free energy - plugging your gadgets into a wall just seems so primitive! That's where Bluetooth Low…


Removing Gmail From An Android Tablet


I've an interesting use case that I don't think is met by Android. I want my tablet to have access to my Google Play account but not have access to my emails. I recently acquired a cheap Android tablet to act as a remote control for my entertainment equipment. The tablet sits in my lounge where it can be accessed by all and sundry - my wife, guests, the plumber, etc. Occasionally, I want to buy apps for the tablet - some of the fancy remote-control apps cost money - so now I have a…


Should Non-Lawyers Be Able To Understand Laws?


Queen of the geek scene Emma Mulqueeny has recently been asked to sit on the Speaker's Commission on Digital Democracy. They're currently soliciting comments on the question: "The system of laws and law-making in the UK is complex, but is that inevitable given the highly developed and interconnected society which laws regulate? Should you need to be a lawyer to understand and use an Act?" You can leave your comment on their forum - here's what I submitted. Albert Einstein said: [T]he…


[Sponsored] eBay


This post is sponsored by eBay. I've been asked by eBay to put together a series of collections. As an international trend-setter*, it is my sincere pleasure to gather up the best that eBay has to offer. For example, here is a collection dedicated to the Galaxy Note 3. It's a mixture of kit I've bought, or stuff that I really want. You can see all of my collections on eBay. *Well... …


Reactions to The Unsecured State


It has been an intense few months digging through the security failings of the UK Government's websites and trying to responsibly disclose them. It culminated with a week of blog posts exposing the vulnerabilities - and an award-winning hackathon project. So what has been the reaction? The Good: Privately, I've been contacted by people within the Civil Service who are working hard to make things better. I wouldn't exactly say they're overjoyed with what happened - but they're certainly p…


Introducing Corkr at #NHTG14


What a crazy weekend! I made the last-minute decision to attend Rewired State's "National Hack The Government 2014" hackathon. Rather than hack on any of the provided datasets, I wanted to work on an interesting way to present all the security flaws I had found in Government websites. I teamed up with Mark, Marcello, and Orlando - together we created "Corkr - Plugging the Government's Digital Holes". We were looking for different and interesting ways to visualise the data. Interactive…


QR Codes on Energy Bills


Photo of an eBook. It is demonstrating how a customer can scan a QR code on their bill to see what their energy usage is.

This is a necropost - resurrected from the now defunct blog of a previous employer. Sadly, the follow-up post has fallen down the memory hole. You can still read Sharon's response to it. Well, we can finally unwrap one of the little projects The Lab has been working on. Along with the Department of Energy and Climate Change we're aiming to stick QR codes on customers' energy bills. The proposal has the grand name of: "A consultation on proposals to amend domestic energy supply licence…


Passive Aggressive Trolling Co-Op Business Banking


Having recently moved house, I have become very aware of which companies have modern back-end systems. The most top-notch ones let me log on to their website, fill in a form, and all the address changes are made. A few required me to ring up and speak to a human being, which was a little annoying, but not the end of the world. Only one company insisted that I write them a letter: Co-Op Business Banking. Despite having a moderately competent website, they couldn't process a change of…


The Unsecured State Part 5 - Abandoned Inquiries


This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from the project. Job titles change, people are reshuffled, and senior management's gaze focuses elsewhere. Who is now responsible for updating and maintaining the software? No…


The Unsecured State Part 4 - UK Government Websites Spewing Spam


This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running ancient and unsecured software, languishing unmaintained and long since abandoned. What are the consequences of failing to invest in security and maintenance? The websites become a haven …


The Unsecured State Part 3 - 2,000+ NHS Security Vulnerabilities (Disclosed)


This is part 3 of a series of blog posts looking at the security of the UK Government's web infrastructure. Britain's National Health Service is riddled with old and insecure WordPress-based websites. Many of these sites have severe flaws including being vulnerable to XSS attacks. There is absolutely no suggestion that patient data or confidentiality has been put at risk. These flaws were discovered passively using the information which was returned by the web server following a normal…
