Published Works

Evidence - Telecommunications (Security) Bill

I give this evidence in a personal capacity as an expert in cybersecurity having worked in large-scale internet infrastructure for the past few years and multiple projects to drive cybersecurity standards. Secure communication protocols I’ve developed have been adopted in popular services like Have I Been Pwned?, Google Chrome, Apple iOS and Mozilla Firefox. I have authored over a dozen scholarly computer science papers on the security of communication networks, anonymous communication protoc...

Password Authentication Attacks at Scale

Whilst there is much literature on password authentication attacks, there has been little study of real online brute force attacks. This paper provides analysis of the most prolific attackers and provides analysis of distributed brute force attackers using an unsupervised learning technique for clusterization. Compromised credential checking has recently emerged as an approach to improve password security by deterring users from re-using breached passwords. Analysing an implementation on a la

Mastering PHP Design Patterns

Back in 2010, MailChimp published a post on their blog, entitled Ewww, You Use PHP? In this blog post, they described the horror when they explained their choice of PHP to developers who consider the phrase good PHP programmer an oxymoron. In their rebuttal they argued that their PHP wasn't your grandfather's PHP and that they use a sophisticated framework. I tend to judge the quality of PHP on the basis of, not only how it functions, but how secure it is and how it is architected. This book focu