I’m seeking new opportunities

After nearly 3 1/2 years in my previous role, I have decided to move on to find pastures new.

Security is a personal passion of mine as you may have seen from my Twitter account (@SPCoulson) and I want to now bring security to the doorstep of organisations and help highlight and repair weaknesses, but also demonstrate how they can effectively prevent themselves becoming a victim of crime.

So many organisations spend vast amounts of time, money and resources to create powerful brands and great products but because security is often seen as a barrier to innovation, it only gets added on afterwards, usually in a reactionary way, and rarely implemented well.

Having seen and heard the pain that organisations go through during breaches and compromises, I want to reach out and use my knowledge and expertise to guide organisations to safer and securer times so their people, physical and data assets, and intellectual property are appropriately protected.

If you think you might be able to use my services, or have a position I may be relevant for – please get in touch. I am actively hunting so there is a chance you are on my radar!

As I have a broad set of skills, you may find this list some guidance:

* Commercial – Business Development, Business Process Management, Project Management, Process Re-Organisation, Project Build, Market Research, Sector Analysis, Competitor Research.

* Educational – Training, Coaching & Mentoring, Side-by-Side Coaching, Researcher, Speaker.

* Compliance – Quality Management, ISO 9001, ISO27001, ISO14001, PAS 2060, Basic PCI.

* Security – Ethical Security Testing, Social Engineering, Penetration Testing, Vulnerability Scanning, Security Professional, Physical Security Design.

* Datacentres – Datacentre Design, Operation and Security.

[LINK] – Reduced CV for download, full CV available on request

[LINK] – Link to my LinkedIn Profile

Get in touch if you think I can help you!

XSS and Tweetdeck and the person behind the discovery

So XSS appears to be back in Tweetdeck.

I was first alerted when I got this pop-up:

[Screenshot: the XSS pop-up]

My initial reaction was to ask on Twitter – then I noticed it… every time there was a love heart in someone’s tweet I got a pop-up telling me there was an XSS in TweetDeck.

I did a quick search to try and find the first reference of XSS and TweetDeck and found https://twitter.com/pixeldesu/status/476744509783822337

After a quick dialogue and a few names… there it was:

[Screenshot: the Twitter conversation]

I had a brief chat with @firoxl and it appears that the bug was discovered by accident.

It actually was some sort of accident. ^^

https://twitter.com/firoxl/status/476738843841159168

[Screenshot: Firo’s tweet]

I was using TweetDeck, suddenly there were 2 hearts.

I made some experiments and discovered that TweetDeck doesn’t escape HTML-chars if there is that Heart in the tweet.

As with all great discoveries – it was made by accident.
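Firo’s description (HTML not being escaped whenever a heart is in the tweet) is a reminder that escaping must come before any display transformation and must not depend on what else the text contains. As an added example that is not TweetDeck’s code nor from the original post, here is a minimal renderer that escapes first and then substitutes the heart, with a regression check a defender could run over sample tweets; the heart character (U+2665), the image tag and the sample tweets are constructed assumptions.

```javascript
// Added example (not TweetDeck's code). Escape HTML before any display
// transformation, so a heart in the tweet cannot change how markup is treated.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  // Escape every special character, regardless of what else the string contains.
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Display transform applied AFTER escaping: the heart (assumed U+2665) becomes
// an <img> tag built only from constant strings, never from the tweet text.
const HEART_IMG = '<img class="emoji" alt="\u2665" src="heart.png">';

function renderHeart(escaped) {
  return escaped.replace(/\u2665/g, HEART_IMG);
}

function renderTweet(text) {
  // Order matters: escape first, then transform. If a transform runs first,
  // or re-reads the raw text, markup can survive only when the heart is present,
  // which is the symptom described in the post.
  return renderHeart(escapeHtml(text));
}

// Regression check: after rendering, the only tags in the output must be the
// ones our own transform emitted.
function hasOnlyHeartImages(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.every((t) => t === HEART_IMG);
}

// Constructed sample tweets: a benign one, and two carrying markup next to a heart.
const SAMPLE_TWEETS = [
  "Plain tweet with a heart \u2665",
  "\u2665 <script>alert('xss')</script>",
  'Quote test \u2665 <b title="x">bold</b>',
];

function allSafe(tweets = SAMPLE_TWEETS) {
  return tweets.every((t) => hasOnlyHeartImages(renderTweet(t)));
}
```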

At the time of writing, TweetDeck has fixed the issue:

https://twitter.com/TweetDeck/status/476763638695743489

[Screenshot: TweetDeck’s tweet announcing the fix]

Where could it have gone?

Well – Firo speculates “someone could load some external js-code and build a computer-worm which takes over the accounts of many people… there are many ways this issue can be used to harm someone…”

And there you have it: 3:52pm to 5:31pm – bug identified, replicated, proven, fixed and rolled out. Not a bad turnaround in the grand scheme of things!

Many thanks to everyone who was involved in the making of this blog – especially Firo XI, kudos for helping out.

The FIX:

Log out of TweetDeck and log back in again!

Digital Freedom – the manifesto is launched

Mikko Hypponen and David Hasselhoff have appeared on stage at re:publica 14 and launched the new Digital Freedom manifesto.

The manifesto is based on 4 points:

  1. Freedom from mass surveillance (target / blanket)
  2. Freedom from digital persecution (privacy in the future)
  3. Freedom from digital colonisation
  4. Freedom of digital access, movement and speech

I watched the keynote with interest and have the following thoughts:

Freedom from mass surveillance (target / blanket)

I appreciate that there is a time and place for surveillance. CCTV watches our every move and our internet traffic is scanned for key words. To remove this I believe would be a mistake; instead, they should be more transparent. Go ahead, watch me and scan me… but only if you do something useful with this data to keep me safer. Sure I have secrets and sure, I am aware of what I post… but can you imagine a world where facial recognition does not pick up the criminals? I think that there is a specific use case for mass surveillance, but it is currently not being handled well and certainly not following the same standard of disclosure globally.

Freedom from digital persecution (privacy in the future)

This I understand and totally support. Right now, May 2014, it is OK to have certain views, prejudices etc, but in 2020, will those standards still hold? Will my old opinion still be the same? I once thought I was going to be an electrical engineer – that didn’t work out, so why should the opinions I have still hold ANY weight in the future? We need to isolate a case, sure, look back in history to see if it is a long-held opinion, but certainly not to use it to persecute in the future.

Freedom from digital colonisation

The lines between technology and our existence are more blurred than ever. With the Internet of Things, mobile tech etc… we see more intrusion of technology into our lives. And it is just that… an intrusion. We need to learn to adopt the divide between tech and life. Just because technology exists doesn’t mean we have to shoe-horn it into our everyday lives – especially if it is to the detriment of our privacy. We all need to learn to have down-days. Non-tech days… and if you don’t know the answer to a problem, instead of Googling it… use this method:

  • Brain – think about it, work out the options and the theory.
  • Book – read it in a book, they are more than paperweights!
  • Buddy – ask a friend, a colleague … the meat space !
  • Boss – ask a person in authority, your boss, a department head, a lecturer, they generally got there by knowing something!

Freedom of digital access, movement and speech

Should I be allowed to write what I want? What about offending someone or prejudice? Should I be restricted in what I can/can’t say? I think this comes down to an old skill that we seem to have forgotten with the advent of technology – the art of common sense. So I would like to introduce you to Gran’s law. Think about an elderly relative (a Grand-parent for example). Now go ahead and type your real feelings about something you feel passionate about. If your Gran were to read it, would she be offended, clip you round the ear, would she be horrified about it… if the answer is yes, then it is probably best to keep it off the internet! Common sense can save you a lot of conversations later. You should not be thinking about your intended audience but that the internet sees all.

What are your thoughts? Have you posted on the Digital Freedom site?

It’s time to talk

Talk… it’s a simple thing. Sometimes we get criticised for talking too much, sometimes to the wrong person and often for not saying enough.

And yet the phrase is “talk is cheap.” I disagree, talking can be expensive!

Talking is a unique skill, animals can communicate but the breadth of language we have achieved across the earth is staggering; common languages, country specific languages, local languages, dialects, sign languages, the list seems endless.

But all this time there is something unique about talking. Because we use our face, we therefore use expression and so talking is a more genuine method of communication. Is this why it is easier to write an email to let someone know bad news than speak to them face to face?

Today we have a special chance though to talk.

Today, 6th February is #TimetoTalk day.

[Image: Time to Talk – #TimeToTalk]

I talk to my partner all the time. She hears my woes and successes and I know I am in a special situation in the fact she is a good listener. For that I am eternally grateful.

However, in our communities whether it is information security, web design, marketing or wherever you work, do we talk? I think no. We say a lot without actually talking. Today is a day when we need to focus on talking.

So let me talk, and I want you to listen and think about who you are going to talk to and about what. Some of the issues I talk about below have never been talked about openly for many years.

Yes, mental health is an issue. It creeps into our lives without actually ever making itself evident. Depression is a classic, tiny things can start it off and it grows over time – over time it becomes like an all-consuming virus until it affects all areas of our lives.

I know I suffer with mental health issues. Yep, more than one. Some of my closest friends probably don’t even know it … but they are there. Today is my Time to Talk and help others take some courage to talk too.

Digiholic.

I am a digiholic. You only have to be around me for a short space of time before you see the manifestation of what this looks like. I am fascinated by technology, I have been since owning a BBC Micro. I played Elite properly by working out the algorithm behind the game and how to rise through the ranks of the game (*Spoiler – it was based on 255). I drew maps of text adventures until I had whole worlds drawn out on music-ruled wide-carriage paper. When I got my first PC, I took it apart. Every jumper off the motherboard, every screw… later in life this actually helped me pass my university course as I fixed PCs in payment for help with coursework.

But then I hit an interesting patch. My early jobs as helpdesk for an EDI Messaging company led me to research the land of e-commerce pre-2000 when to be cool meant putting an ‘e’ at the front rather than an ‘i’ or ‘cyber’. I used to spend over 18 hours a day at the keyboard reading, watching, learning. And there … right there, the obsession was born.

In the information security landscape, we see this described as autistic, ADHD trait, on the spectrum. This compulsion to find stuff out – curiosity on steroids. There in a bedsit I stared at a screen one Sunday morning and realised it had been over 50 hours with no sleep and I was staring at a screen trying to learn everything about e-commerce products and competitors. I locked the computer and walked out of the door. I walked. I walked for about 10 miles, I walked in silence. I ran away if you like until I found myself in a deer park and it was late, really quite late. I hadn’t eaten for 2 days and I was sat on a park bench. I took my time inside my head to have the conversations, to talk, and put in place my personal protection plan. I realised there and then how close I had become to just disappearing into a world that would have been difficult to come out of.

I knew I had to protect myself and my Personal Protection Plan is still in place today. I won’t go more than 24 hours behind a keyboard. I will always break it. I own the computer not the other way round. Recently my family went camping to an area with poor phone signal and for 2 weeks I spent a total of 2 hours on the internet. It was heaven but I also felt that twinge – like an addiction.

We need to un-jack ourselves. Power down. Step away from the keyboard. In the 80s the UK kids’ TV programme had it right…

Why don’t you just switch off your television set and go and do something less boring instead?

I am still obsessed and still have this compulsion, but concentrating it into shorter bursts means I am more effective, which gives me greater pleasure in being always connected.

Depression.

Or should I more accurately put it – the lack of depression. It is normal to have depression, it is a chemical reaction, but I don’t get the same reaction. I recently was told by a senior member of staff that he had been concerned about me, was I depressed, having a breakdown – I found the comment very amusing as I knew what he was trying to get to, but he also was being quite offensive and unfortunately did not understand what was actually going on. Let me explain.

As a child I was bullied. I was bullied for many reasons, I was short, fat, intelligent, socially awkward and I had an accent which didn’t fit with the school. To protect myself, I lost my accent – try doing that when you are 5 years old! I took control of my emotions – yes, I could be beaten up, kicked to the ground and yet I would not cry, I would not show emotion. I had mastered my emotions. This was so useful as a child in that I could not break in front of my attacker. However, the danger was there was no place I could let it out. And so one day I held my attacker by the throat against my classroom wall holding him about 18 inches off the ground and screamed in his face “Don’t ever touch me again.” I came to my senses very quickly and realised he was struggling and I let him go and walked out the classroom. I hid and cried. I cried for about 10 minutes before sorting myself out. Then when I came back to the classroom, the silence was deafening. My bully eventually became a great friend and he later apologised for the years I had been bullied.

As I have spent now over 30 years with my emotions in control, manipulative and pressure tactics used by managers have rarely worked. This control means that I can put myself into difficult situations and control my emotions enough to control the output. It also means that I have an interesting life – I don’t do stress, I don’t do depression. These negative emotions and habits are just not needed, so I find emotional workarounds. If I am feeling lower, I use music to raise my mood. I make sure that tough deadlines become realistic ones.

But… and this is a big but… I have to find my releases. I have to find a way to allow natural emotions to come out. I have many ways to do this – and each of them is done in a controlled manner.

How do you control your emotions? I have absolutely no idea if I am totally honest. I wish I could. Part of it is definitely having an understanding about what you want as an outcome to a situation and understanding how you need to behave to get it to happen. But depression is a no-no. It only serves to undermine your view, your psyche, your emotional stability. I therefore don’t let things get me down. No matter how hard things get, I am not at the bottom of the tree. I believe some of this is also my own personal integrity. Knowing myself means that I also know what I would be sacrificing if I needed to and what I won’t compromise on.

So there we go, maybe next year I will share some of my other mental health areas. If you want to talk to me about your mental health and how healthy you think you are or not, then please feel free. I will listen.

The world is too small to not get on with each other.

You’re a long time dead, so enjoy the living.

In the infosec world, we have lost too many great people to mental health problems, depression, anxiety, autism, ADHD; today is a time to talk.

Many thanks to my old friend Mariel for bringing this to my attention.

Stu

Paris Hilton for Pope – no, really!

Yes, I do believe Paris Hilton should apply for the position of Pope. Hear me out!

Let’s see the facts:

  1. She has done some bad things and then said sorry
  2. She has style – something I can’t say about any of our previous Popes
  3. She is female – about time the church caught up with 21st century life
  4. She mixes well in different social circles – she’s met royalty too!
  5. She is ambitious
  6. She has business acumen
  7. She has money – so does the church but then they wouldn’t pay her as much so they’d save money!
  8. She understands the power of brand – and how to retain it even when you are showing your arse (literally!)
  9. She knows how to get people on her side – that could be useful with waning attendances at church
  10. She is relatively good-looking (compared to our current Pope – and all previous ones for that matter)
  11. She is an entrepreneur
  12. She can drive herself
  13. And her cars are better
  14. She can stay in Hilton hotels for free
  15. She speaks English so at least some of us will understand the Pope (who learns Latin these days?!)
  16. She has a proven track record of drinking wine
  17. With all her PR mistakes, she’s still successful – she has some miracles going for her!
  18. Fashionable – no big gold pointy hat required
  19. The world media love to follow her so free publicity
  20. She has famous friends – it worked for the Church of Scientology!!

Vote Paris4Pope!

If you’re going to Tweet it – #Paris4Pope

OK – all fun aside, here’s the serious bit!

Just because someone has the right qualifications doesn’t mean they’re right for the job. Your CV might be perfect but (as Simon Cowell so eloquently put it) it’s also the X-Factor. We all know that Paris would probably last less than 30 seconds, and for those 30 seconds all would appear to be working well. But then it falls apart and generally very rapidly. Think about your own career and when you have left various companies. Paris is no Messiah for the Catholic church, that’s for sure. You are not the new all-singing, all-dancing new recruit that will save a business either – especially if you don’t fit.

  • Take your time in interviews to make sure you are right for the company
  • Take your time to ensure they are right for you
  • Meet your team
  • Meet your prospective new boss
  • Take your time to read up reviews from customers
  • Make sure your life goals align with this business

Do you fit and does it fit with you? Each thing that doesn’t align is another reason you shouldn’t be working there. The more reasons there are, the more damage it will do to you. You may not see it initially, but longer term, you will really screw yourself up. Choose wisely!!

I suppose I was lucky when I landed in my current position. I had spent nearly 2 years shadowing them and watching them grow. Luckily, my crunch point happened to coincide with a fantastic offer which was the enabler for me to start my new career. It hasn’t always been easy, but hey, I have goals too! I can tick off, though, the significant pluses and positives in my current role which allow me to grow. This is important with a career. Could you see Paris Hilton growing in her role as Pope?! Are you ready to step up and make a difference, not only in your life but to get a career that actually helps you back?

So there we have it, Paris Hilton would make a great Pope (for 30 seconds) and you’re not the Messiah. Not the most earth-shattering of blogs, I have to admit, but it was fun and I hope inspiring too.