Your API sucks : security

Pop quiz time. You are given the following example URL to GET as an example of making a payment from your application. How many things here would make you back away slowly before setting the server farm on fire?

http://www.example.com/api/pay?cardnumber=1234123412341234&ccv=1234&expirymonth=12&expiryyear=12&amountinpence=123456

So you complain it’s unsecured and they come back with an upgrade, so you need …

Isolated IoT

Following my thoughts on the botnet of things, and not trusting users with security, I was reading this post from Troy Hunt a couple of months back talking about not letting untrusted devices onto his home network, for much the same reasons. And it got me thinking about how such devices could be isolated enough …

DRM and plastic knives

I thought Digital Rights Management was dying when iTunes no longer required it. I was wrong. It’s sneaking into HTML, it’s in coffee machines, it’s being discussed for JPEG, it’s led to the introduction of boot lockers to prevent users from modifying the operating system on their machine. So what? Surely copyright holders have the …