Cybersecurity

How to configure obfuscation and monitoring to stop credential stuffing against WordPress and headless storefronts

I’ve spent a lot of time hardening WordPress sites and headless storefronts against credential stuffing campaigns, and the single clearest lesson is this: you need both obfuscation to reduce noisy attack surface and real-time monitoring to detect and stop adaptive attackers. Relying on one or the other will leave gaps. In this piece I’ll walk through practical, hands‑on controls I use—what helps, what’s theatre, and how to wire these...

Read more...

Which inexpensive Android phones receive timely security updates and how to lock them down for privacy

I get asked often which cheap Android phones are actually worth buying if you care about security and privacy. The short answer: some inexpensive phones get timely security updates, but you have to pick carefully and then lock the device down. Below I walk through which makers and models are best for update reliability at budget prices, how to check update policies before you buy, and a practical, step‑by‑step lockdown checklist you can...

Read more...

Can the Google Pixel Fold be a secure daily driver? A practical privacy and threat-model checklist

I’ve been carrying a Pixel Fold as my daily driver for several months while testing security features, privacy tradeoffs and real‑world usability. Foldables are inherently different: a larger attack surface (more sensors, hinges and screens), combined with the tight hardware‑software integration Google offers, makes for an interesting security question. Can the Pixel Fold be a secure daily phone for regular users and privacy‑conscious...

Read more...

How to detect supply-chain tampering in third-party sdks before they reach production using free tooling

I remember the first time a third‑party SDK caused a late‑night incident: a benign analytics library I’d approved began exfiltrating data after an upstream compromise. Since then I’ve made detecting supply‑chain tampering a standard part of any pre‑production gate. The good news is you can do a lot with free, open tools—SBOM generators, signature verifiers, lightweight static checks and simple binary inspections—to catch...

Read more...

How to audit mobile apps for covert data exfiltration using only free tools and a cheap android phone

I’ve spent a lot of time testing apps on cheap Android phones to answer one simple question: is an app quietly siphoning data off your device? You don’t need expensive lab gear to do a credible audit. With a cheap Android handset, a laptop, and a handful of free tools, you can perform both static and dynamic checks that expose common covert exfiltration techniques — DNS tunnelling, data-in-query-strings, encrypted uploads to...
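Two of the exfiltration patterns named above, DNS tunnelling and data-in-query-strings, can be screened for with simple heuristics over captured traffic. The following is an added example, not code from the original post: a small detector run over a constructed log of DNS query names and HTTP URLs. The log format, the sample lines and the thresholds are assumptions chosen for illustration; tune the thresholds against a baseline of the app's normal traffic before trusting them.

```python
"""Heuristic detector for two covert-exfiltration patterns: DNS tunnelling
(data smuggled in long or high-entropy subdomain labels) and encoded blobs
carried in HTTP query parameters.
Added example, not from the original page; the log format, sample lines and
thresholds are constructed assumptions for illustration."""
import math
import re
from collections import Counter
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample log (not captured from a real device): "<kind> <value>"
# per line, where kind is "dns" (a queried name) or "http" (a requested URL).
SAMPLE_LOG = """\
dns www.example.com
dns cdn.example-static.net
dns 4d6f6e69746f72696e67446174613132.exfil.example.org
dns aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.c2VjcmV0.tunnel.example.net
http https://api.example.com/v1/ping?app=1.2&os=android
http https://tracker.example.net/collect?d=eyJpbWVpIjoiMzU2OTM4MDM1NjQzODA5IiwiY29udGFjdHMiOjQyfQ
"""

# Thresholds are assumptions for this example; calibrate against your own traffic.
MAX_LABEL_LEN = 25      # a single DNS label longer than this is rarely human-chosen
MAX_SUBDOMAIN_LEN = 40  # total characters in labels left of the registrable domain
MIN_BLOB_LEN = 32       # shortest query value treated as a candidate blob
HIGH_ENTROPY = 4.0      # bits per character; ordinary hostnames sit well below this

# Characters used by base64, base64url and hex encodings.
ENCODED_CHARSET = re.compile(r"^[A-Za-z0-9+/=_-]+$")


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character; 0.0 for an empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def suspicious_dns(name: str) -> Tuple[bool, str]:
    """Flag a query name whose subdomain labels look like a data channel.
    The registrable domain is approximated as the last two labels, which is
    wrong for suffixes such as co.uk; use the public-suffix list in production."""
    labels = name.rstrip(".").lower().split(".")
    sub = labels[:-2]
    if not sub:
        return False, "no subdomain"
    payload = "".join(sub)
    if any(len(label) > MAX_LABEL_LEN for label in sub):
        return True, "label longer than %d" % MAX_LABEL_LEN
    if len(payload) > MAX_SUBDOMAIN_LEN:
        return True, "subdomain longer than %d" % MAX_SUBDOMAIN_LEN
    if len(payload) >= 16 and shannon_entropy(payload) >= HIGH_ENTROPY:
        return True, "high-entropy subdomain"
    return False, "ok"


def suspicious_query(url: str) -> Tuple[bool, str]:
    """Flag a URL carrying a long, encoding-shaped value in a query parameter.
    The raw query is split by hand rather than URL-decoded so that '+' and '='
    from standard base64 survive the charset check."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if len(value) >= MIN_BLOB_LEN and ENCODED_CHARSET.match(value):
            return True, "encoded blob in parameter %r" % key
    return False, "ok"


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, value, reason) for every flagged line in the log."""
    hits = []
    for line in text.splitlines():
        kind, _, value = line.partition(" ")
        if kind == "dns":
            flagged, reason = suspicious_dns(value)
        elif kind == "http":
            flagged, reason = suspicious_query(value)
        else:
            continue  # unknown record kind; ignore
        if flagged:
            hits.append((kind, value, reason))
    return hits


if __name__ == "__main__":
    for kind, value, reason in scan_log(SAMPLE_LOG):
        print("%-4s %-28s %s" % (kind, reason, value))
```

On the constructed log this flags the two long-label DNS names and the base64-shaped `d=` parameter while leaving the ordinary hostnames and the short `app`/`os` values alone. The entropy rule is the weakest of the three (CDN hostnames and cache-busting labels can trip it), so treat hits as leads for the dynamic checks, not as verdicts.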

Read more...

How to safely integrate smart locks with Alexa and Google Home while preventing local network attacks

When I started replacing my deadbolt with a smart lock, I was excited by the convenience: one tap to unlock for a delivery driver, voice control through Alexa while my hands were full, and temporary codes for guests. What I didn't immediately appreciate was how a poorly integrated smart lock can become a local network attack vector. Over time I've learned to treat smart locks like the sensitive endpoints they are; you don't leave the front door...

Read more...

How to vet third-party SDKs before integrating them into consumer apps

I remember the first time I shipped an app that pulled in a third‑party SDK. It promised analytics, crash reporting and a couple of slick UI widgets — all in one package. The integration was painless and the demo looked great. A week later we started seeing unexpected traffic spikes, unexplained permissions prompts, and a client worried about leaked PII. That experience taught me to treat SDKs like components of my attack surface, not just...

Read more...

How to detect stealthy IoT devices on your home network using free tools

Quiet devices are the worst kind: they blend into your home network like wallflowers until something goes wrong. Over the last few years I’ve spent a lot of time hunting down “stealth” IoT gadgets — cameras that phone home on odd ports, smart bulbs that appear under generic hostnames, and devices that never show up in the router GUI. Below I’ll walk you through practical, free techniques and tools I use to find, fingerprint and monitor...

Read more...

A hands-on guide to securing open Wi‑Fi in coworking spaces without breaking usability

I spend a lot of time working from coffee shops, libraries and coworking spaces, and one question keeps coming up from readers, founders and friends: how do you secure devices and data on an open Wi‑Fi network without turning every connection into a fortress that destroys usability? In this hands‑on guide I walk through the practical steps I use to protect myself and my team in shared spaces. No theoretical laundry list — just workable...

Read more...

Practical privacy audit: what Google, Apple, and Microsoft really collect from your phone

I started this practical privacy audit because I got tired of vague privacy promises from big tech and wanted something I could apply to my own phone in under an hour. If you carry a smartphone from Google, Apple or Microsoft, you’re handing that company a lot of signals about your life—even when you think you’ve turned everything off. Below I walk through what these companies actually collect, how to find the evidence on your device and...

Read more...