Stories by Dave Lewis

Drones, privacy and the war on intellect

I’ve been a fan of drones for a while now. I enjoy messing about with them and I even have my own micro drone with a camera. Now, while I say that I enjoy playing with drones, I’ve always kept a keen eye not to get video of my neighbours’ backyards and so forth.

Dave Lewis | 20 Apr | Read more

Surfing porn can lead to infections

Malware is a tiresome fact of life online. Ever since my first encounter with the Stoned virus years ago it has never ceased to amaze me that the pace of this sort of software continues virtually unabated.

Dave Lewis | 04 Apr | Read more

Job hunting? White House seeking a CISO

I cannot help but think of some memes at times. The one that has gotten lodged there today is the late Robin Williams with a great big bushy beard screaming “What year is it?”. News came out today that, at long last, the White House has come to the conclusion that there is a need for a CISO.

Dave Lewis | 31 Mar | Read more

Security missives from the front lines

This is a curated collection of my own encounters as well as some that were contributed by others. If you have some gems to share please send them along or leave a comment below. I’d love to build this list out as I know there are many more out there.

Dave Lewis | 28 Aug | Read more

Time for a ‘Flash’ extinction level event

Ages ago the dinosaurs roamed the earth. All evidence demonstrates that they met with an untimely end. Much in the same vein, I firmly believe that Adobe's Flash has reached its own extinction level event. Time for this dinosaur to quietly slip into the tar pits and be relegated to the mists of time.

Dave Lewis | 01 Aug | Read more

Why Does SQL Injection Still Exist?

After having spent the last two weeks in Asia I find myself sitting in a hotel room in Tokyo pondering something. I delivered a few talks in Singapore and in Manila and was struck by the fact that we're still talking about SQL injection as a problem.

Dave Lewis | 31 Jul | Read more

Blackshades: The script kiddies lament

News broke this week that a massive global raid had taken place over two days which comprised 359 coordinated searches in 16 countries and there were apparently 80+ arrests as a result. Why? Well, apparently all of the aforementioned targets had a copy of the Blackshades remote access trojan or RAT.

Dave Lewis | 21 May | Read more

Ruby on Rails security update available

First off, what is it? Well, for those of you who may not know, Ruby on Rails is an open source web framework that has been around since 2003. It was first developed by David Heinemeier Hansson and has since gone on to be used in thousands of web applications such as Basecamp, Twitter and GitHub.

Dave Lewis | 08 May | Read more

Into malware? Time to play in the Cuckoo Sandbox

Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it. This is an open source malware analysis toolset. You can drop a suspicious file (or even one that is somewhat shifty in nature) into it and it will run tests. In no time at all it will spit out a report as to the nature of the file and what it tried to do, all from the relative safety of a virtualized environment.

Dave Lewis | 06 May | Read more

BSides London 2014

I'm very happy to be back in London for the second year in a row to attend BSides London. This year the conference has grown in size and has attracted a great list of talent. Talks range from the likes of Stephen Bonner, Graham Sutherland and Jon Butler.

Dave Lewis | 29 Apr | Read more

Heartbleed bled out and now, an arrest

The RCMP have managed to track down and arrest the first ne'er-do-well in London, Ontario. The RCMP have not indicated how they managed to puzzle out who attacked the Canada Revenue Agency. I am curious myself, but not for the same reasons. I'm curious what led a 19-year-old from Southern Ontario to think that activity was acceptable.

Dave Lewis | 24 Apr | Read more