I'm a Computer Science Graduate from Oxford University, England. After deciding to leave Oxford at the start of my 4th year to do something more interesting, and just stick with a BA, for one year I worked for 4 days a week as a software engineer at Semmle (a company that does some cool source code analysis for a few big tech companies, including NASA, Dell, and Dropbox), and also taught Computer Science at a students on the autistic spectrum once a week. I now work full time at Semmle as Lead Developer on lgtm.com.
During my time at Oxford, I have been both the and the President of the Oxford University Computer Society, and also the IT Rep for the JCR at College. In addition, I was involved in 3 separate "Learn to Code" courses for students, including one which I organised, ran and co-wrote the content for. I also volunteered as a helper at my local CoderDojo for some
Inside the software field, my main interests are in Communication & Networking (in particular mesh networks), Security, Cryptography (especially usability), Anonymity, and Censorship Resistance. I do like to periodically get away from technology however, and outside of that I have quite a bit of interest in political / social structure (completely re-factoring it, that is), and generally doing my part to help bring about a better world.
If you want to get in touch, your best bet is probably
Jan 12, 2017
The Guardian have just released an article supposedly revealing a Backdoor in WhatsApp that allows snooping of users' messages. That's what I'll be addressing here...
I'd like to start out by saying that this is a very technically accurate and concise article. While reading it, I found that all the questions I would have had as someone in the security community were answered. However, it is sensationalist, in particular the headline.
Backdoors are traditionally discreet and unnoticeable; you would sneak one in, and certainly not see anything in the UI. In this instance, however, the behaviour is completely observable in the UI (if you have the security notifications enabled), although if you aren't keeping a close eye, it may be difficult to determine exactly which messages were re-sent to the new key.
So this is not a backdoor; at least I wouldn't call it that. I would call it a design flaw... a design flaw with security consequences. But some wouldn't even consider it something as severe as that; to some this is working as intended.
Back when this behaviour / flaw was first talked about in April 2016, Facebook responded with:
[...] "We were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." [...]
And Facebook are likely to come out with a similar (perhaps more fluffy) response now that this is being re-hashed in the mainstream media.
Mar 06, 2016
For a while, users of Tor have been exposed to a great deal of frustration while browsing the web: when visiting websites that use CloudFlare, they are presented with a Captcha before being able to load the website (for every single new website they navigate to in a single session).
This makes navigating the web a particularly tiresome experience, especially as so much of the web is protected by CloudFlare's services.
Right now, there is an ongoing discussion on the Tor Project's ticket system regarding this problem, inviting anyone to propose potential solutions to the problem. There have been a few potential solutions discussed, but ultimately nothing that solves all the problems for all concerned parties.
Over the course of this ticket being open, though, CloudFlare's CTO has been very active in the thread, and CloudFlare now provides the option for its customers to decide how to treat Tor traffic; specifically, it allows customers to whitelist Tor exit nodes. This is great news and shows CloudFlare's willingness to discuss and come to a solution with the community.
In this post I take a critical approach to discussing the existing suggestions and propose a new potential solution.