About:us

SensePost Ten Years Old

After ten fascinating years, during which many people have contributed in so many ways to the place that is SensePost, by strange coincidence it falls on me to pen the words that mark our first decade in existence. To quote Robert Hunter: “What a long strange trip it’s been”. SensePost was officially founded on February 14, 2000. Of everyone who was involved at that time, I’m the only one still working here, which earns me the dubious honor of ‘oldest employee’. Do I get a gold watch? I meant to think much more over the last few weeks and months about how we should celebrate this day, or what I would write in a letter like this, but in the end (business being business) I’m writing this in a rush on a Sunday evening, with another three big things to complete before I allow myself to go to bed. Then again, much of our success (in so far as we’ve been a success) happened in a hurry on a Sunday night, so let’s not write this little piece off too soon, shall we?

Removing registration requirements

Over the years we’ve offered almost all our tools, papers, presentations and other materials for free, albeit with a “registration required” proviso. The registration wall has been in place for some time now, and was used to track unique users as well as permit users to opt into SensePost mailruns. What we found, though, is that registration is more of a hindrance than a benefit; it creates an artificial barrier with little reward. The data isn’t that useful to us and the added steps are just an extra annoyance for users, and we wanted to streamline things a little.

We are famous (almost!)

Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had a brief chat to Rob Lemos, who called us up again, so we ended up adding the soundbyte to his piece in Technology Review along with guys like Moxie Marlinspike and Danny MacPherson [here]. We also showed up on Read/Write Web, where we were called “security nerds” and “black hats”. Ahhh.. roll on 2010!

Dvorak, on Windows 7, Microsoft and attention to details..

The other day I tweeted a link from John Dvorak reviewing Windows 7. He basically said that Microsoft was dying, and said the product was “made with the same cheap Microsoft vodka.” Dvorak’s not new to this[1] (I recall reading his columns in PC Magazine in the early 90’s, so he has been around). He slates Microsoft, not because of the code in Windows 7, but because (he feels) Microsoft has stopped paying attention to details:

How Good Companies Fail..

In early 2002 I recall reading and falling in love with Jim Collins’ book: “From good to Great”. I recall being so excited by some passages that I typed out whole paragraphs and sent them around to the rest of the office.. For my last birthday Deels got me Collins’ other book “Built to Last: Successful Habits of Visionary Companies”. It seems as if he has done it again, with his new (soon to be released) book called “How The Mighty Fall: And Why Some Companies Never Give In”.

Comments have been broked :(

Comments on the blog have been surprisingly quiet and we should have realised this when more and more people started having discussions with us via twitter or email (as opposed to simply saying their piece here). Short Story: It was broken, and it should be fixed again. Blame has been assigned and culprits have been whipped appropriately. Long Story: Most SensePost’ers interact with the blog through our company-internal blog. This allows us to share top secret information like lolcats without publishing it here. Selected posts are pumped through to public via a plugin inside (which also publishes certain comments / etc).

Defcon 16 Videos Available..

Ok.. So The Dark Tangent announced this [a few days ago], but I felt it deserved mention because I was genuinely wow’ed at the video quality.. I have only gone through a couple of the presentations, but it’s the first time I’ve found demos video’d well enough to follow ferpectly on screen.. Readers can pull the videos from [here]. SensePost’ers can pull from [here]. /mh PS. When we did our talk (pictured above) I had almost no voice and a flu from hell.

Top Ten Web Hacking Techniques of 2008

(aka – Whoot! we are almost famous!!) Jeremiah Grossman’s panel of judges (Rich Mogull, Chris Hoff, HD Moore and RFP) hath spoken (or spake) and the top 10 web-hacking techniques of 2008 have been published. Of course we would be lying completely if we said it wasn’t cool to make it into the top 10 (and doubly cool to make it twice in the top 10!)..

On Hiring Staff – The T-Shirt Method..

Anyone who has honestly reflected on what they know about hiring will tell you that no matter how locked-down you think you have it, you don’t. There is still way too much left to chance and way too much that you just don’t know. To avoid this, companies that care about preserving their culture will sometimes adopt a “default deny” approach. It’s ok to miss a potentially good hire rather than to take on a bad one. This isn’t silly geek risk aversion.. It’s because one bad hire can do amazing damage to a culture (an area bad hires can be amazingly productive in).

When missing a good hire works out well..

A few years ago, Mohamed Nanabhay was considering joining SensePost and I was trying hard to convince him it was the way and the light. He had been a KPMG auditor in a past life (but I promised not to hold that against him). We were not sure what he would do at SP, since he was kinda moving away from hardcore tech, but we always said that we would take quality people, even if we didn’t have a niche for them, ’cause quality people will make a new niche.