Cybersecurity

I’ve spent a lot of time testing apps on cheap Android phones to answer one simple question: is an app quietly siphoning data off your device? You don’t need expensive lab gear to do a credible audit. With a cheap Android handset, a laptop, and a handful of free tools, you can perform both static and dynamic checks that expose common covert exfiltration techniques — DNS tunnelling, data-in-query-strings, encrypted uploads to...

Read more...

When I started replacing my deadbolt with a smart lock, I was excited by the convenience: one tap to unlock for a delivery driver, voice control through Alexa while my hands were full, and temporary codes for guests. What I didn't immediately appreciate was how a poorly integrated smart lock can become a local network attack vector. Over time I've learned to treat smart locks like the sensitive endpoints they are; you don't leave the front door...

Read more...

I remember the first time I shipped an app that pulled in a third‑party SDK. It promised analytics, crash reporting and a couple of slick UI widgets — all in one package. The integration was painless and the demo looked great. A week later we started seeing unexpected traffic spikes, unexplained permissions prompts, and a client worried about leaked PII. That experience taught me to treat SDKs like components of my attack surface, not just...

Read more...

Quiet devices are the worst kind: they blend into your home network like wallflowers until something goes wrong. Over the last few years I’ve spent a lot of time hunting down “stealth” IoT gadgets — cameras that phone home on odd ports, smart bulbs that appear under generic hostnames, and devices that never show up in the router GUI. Below I’ll walk you through practical, free techniques and tools I use to find, fingerprint and monitor...

Read more...

I spend a lot of time working from coffee shops, libraries and coworking spaces, and one question keeps coming up from readers, founders and friends: how do you secure devices and data on an open Wi‑Fi network without turning every connection into a fortress that destroys usability? In this hands‑on guide I walk through the practical steps I use to protect myself and my team in shared spaces. No theoretical laundry list — just workable...

Read more...

I started this practical privacy audit because I got tired of vague privacy promises from big tech and wanted something I could apply to my own phone in under an hour. If you carry a smartphone from Google, Apple or Microsoft, you’re handing that company a lot of signals about your life—even when you think you’ve turned everything off. Below I walk through what these companies actually collect, how to find the evidence on your device and...

Read more...

I’ve been testing smart home gear for years, and door locks are the one device that makes me pause: they protect your physical space and they're now tied into cloud services, voice assistants and mobile apps. Integrating a consumer smart lock with Alexa or Google Home can be convenient — unlocking your door with voice or automating guest access — but it also raises real security and privacy questions. In this piece I walk through the...

Read more...

I’ve spent years helping small teams pick tools that actually make work safer and simpler, so when hybrid setups started becoming the norm I quickly realised the firewall conversation had to change. A firewall for a small business in 2025 isn’t just a box at the office edge — it’s the glue between on‑prem users, remote staff, cloud services and SaaS apps. Choosing the right one means balancing security, manageability and cost while...

Read more...

Running a small e‑commerce site means juggling product listings, payment flows, customer support and marketing — all while hoping the infrastructure quietly hums along. When something goes wrong, "let’s fix it" is not a plan. Over the years I’ve helped small teams translate that gut reaction into repeatable actions. Below I’ll walk you through a pragmatic incident response playbook tailored to a small e‑commerce business: what to...

Read more...

I get asked a lot which password manager will actually protect you from phishing, and the short answer is: some do a lot better than others — but only if you configure them correctly. Over the years I’ve tested and reviewed most major managers (1Password, Bitwarden, LastPass, Dashlane, Keeper, and the major browser-built managers), and the pattern is the same: a tool can only stop phishing reliably if you understand how its autofill and...

Read more...