This is the third and final post in a 3-part mini series on risky smartphone travel. Posts in this series Part 1— risks, threat actor capability, smartphone choice, VPNs, encrypted DNS, smartphone configuration Part 2 — contacts/accounts, the high risk travel itself, traveller preparation, mobile data -v- Wi-Fi, roaming, and monitoring Part 3 —…

This is the second post in a 3-part mini series on risky smartphone travel. Posts in this series Part 1— risks, threat actor capability, smartphone choice, VPNs, encrypted DNS, smartphone configuration Part 2 — this post — contacts/accounts, the high risk travel itself, traveller preparation, mobile data -v- Wi-Fi, roaming, and monitoring Part 3…

This is the first post in a 3-part mini series on risky smartphone travel. As usual, I have sat on this draft for a number of months and decided to dust it off after Kaspersky started discussing Operation Triangulation. In April 2018 I wrote ‘Being safe on hostile WiFi/mobile networks’…

I think about enterprise IT architecture and the VPNs within them a lot — probably far too much. VPN ecosystems cost a bunch of money, take significant operational effort to run, often lead to a terrible IT user experience, and are a breeding ground for vulnerabilities. …

In late 2020 I wrote that we should make URLs less important. The thinking was essentially two fold: Use technology to solve cybersecurity problems, don’t expect or make the general user do a bunch of stuff such as install a password manager (because they can’t/won’t) If you want to protect…

This post discusses four personas, the technical threats to them and their information via their smartphone, and some theory on how to defend against an increasingly capable and focused threat actors. If you find yourself matching one of these personas, following the recommendations below may serve you well if you…

A few months ago I told someone in the UK Government that a tertiary nameservice could solve a handful of problems — including the ones they were handling in relation to “how many domains? why? WHO? asset discovery!” A Tertiary DNS Server is a second secondary server. That is, a…

A deeper dive into some aspects of my other post about making URLs less important. This isn’t quite a ‘Part 2’, but more of an expansion of some technological nuances that exist today when it comes to individual services and mechanisms to deal with domains and URLs. This posts extracts…

URLs are bad for humans… so we should be tackling as many root issues as we can to help them, instead of suggesting technical solutions. Troy Hunt posted recently about humans being bad at URLs, which came about as a result of a bit of tooing and froing on twitter. …