Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and have over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #170

Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.

 Vol. 4  Iss. 38  19/09/2021   Robin Oldham

This week Vulns in Azure Linux VMs being actively exploited Security researchers from found vulnerabilities in Microsoft Open Management Infrastructure (OMI)project that can trivially be exploited and used to remotely execute code on Linux virtual machines running in Microsoft’s Azure cloud. By not providing an authentication token, the OMI agent on the VM would simply not perform an authentication check and default to running the commands as root. Oops.

Read more… ( ~4 Min.)

Robin’s Newsletter #169

Encryption backdoors, the NSA and Juniper. Proton Mail got served. Wireless charging side-channel attacks.

 Vol. 4  Iss. 37  12/09/2021   Robin Oldham

This week Encryption backdoors, the NSA and Juniper New reporting on some older events that’s relevant in the current encryption debate and the need for backdoors. Sometimes simple commercial pressure can get your government encryption backdoor into commercial security products. The NSA developed an encryption standard called ‘Dual Elliptic Curve Deterministic Random Bit Generator’ (Dual EC CRBG), got NIST to include it in a standard (NIST SP-800-90A) and then leaned on US network vendors like Juniper, RSA and Cisco to implement it in their products.

Read more… ( ~5 Min.)

Robin’s Newsletter #168

Focus on proxyware, patch your confluence servers, the normalisation of surveillance, and interview with a ransomware negotiator.

 Vol. 4  Iss. 36  05/09/2021   Robin Oldham

The next couple of newsletters will be a slightly condensed affair as I’m on holiday. This week Focus on proxyware Cisco Talos have a good write up on proxyware: tunnelling traffic to ‘share’ internet bandwidth with other users and make it appear to be coming from other networks - a bit like Tor - with those that install the software often being paid modest fees for running a node and participating in the network.

Read more… ( ~6 Min.)

Robin’s Newsletter #167

Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.

 Vol. 4  Iss. 35  29/08/2021   Robin Oldham

This week Azure Cosmos DB data available for world + dog Security researchers at Wiz this week disclosed a vulnerability in Microsoft Azure’s Cosmos DB that gave read and write access to every database on the service. The vulnerability stems from a feature added by Microsoft in 2019 to allow interoperability with Jupiter Notebooks. Full details are not available yet, but involves privilege escalation that gives a user access to their, or any other Cosmos DB’s primary keys.

Read more… ( ~10 Min.)

Robin’s Newsletter #166

T-Mobile suffers *another* data breach. Pearson settles over misleading investors. Outrage in cyber risk. Anyone can post a LinkedIn job as pretty much any company.

 Vol. 4  Iss. 34  22/08/2021   Robin Oldham

This week T-Mobile data breach exposes personal data of 47.8M people T-Mobile announced a data breach affecting 47.8M people this week after a post on a dark web marketplace advertised the data on ‘100 million people’ for sale. If it sounds familiar, that’s because this marks the fourth breach in four years for T-Mobile (vol. 3, iss. 10), making the claims that they “take our customers’ protection very seriously” increasingly hard to swallow.

Read more… ( ~7 Min.)

Robin’s Newsletter #165

Apple's damage-control on CSAM. Belarus' state security doxxing. Code poisoning ML models.

 Vol. 4  Iss. 33  15/08/2021   Robin Oldham

This week Apple scrambles to contain fallout of new CSAM features Apple’s plans to tackle child sexual abuse material (CSAM) (vol. 4, iss. 32) on its platforms, namely iCloud and iMessage, has faced significant backlash and confusion. The protests also came internally, with Reuters reporting internal Apple communication tools having over 800 messages with concerns over the features and how they were introduced. Craig Federighi, senior vice president of software engineering at Apple, has given a lengthy video interview with The Wall Street Journal to try and clear up the confusion, though the piece is largely a consumer damage control piece rather than correcting a fundamental misunderstanding in the technical architecture being proposed.

Read more… ( ~7 Min.)

Robin’s Newsletter #164

Apple's plans to have iPhone continuously scan for child sexual abuse material are ripe for abuse.

 Vol. 4  Iss. 32  08/08/2021   Robin Oldham

This week Apple is going to scan devices for photos of child sexual abuse Apple has unveiled two new features this week to help combat the spread of child sexual abuse material (CSAM). The first is built into its iMessage app to detect potential CSAM and present warnings on children’s devices about sensitive images, help if they are being pressured and reminders that the person in the image may not have wanted it to be shared.

Read more… ( ~12 Min.)

Robin’s Newsletter #163

Biden's 'real shooting war' comments. Amazon's €746M GDPR fine. Iran's fake social media profiles. Phantom flotillas.

 Vol. 4  Iss. 31  01/08/2021   Robin Oldham

This week President Biden: cyber-attacks can lead to ‘real shooting war’ Comments from a speech given by President Biden at the Office for the Director of National Intelligence this week made for a raft of coverage. “If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach,” — President Biden They shouldn’t come as much of a surprise: it would be incredibly unlikely for any leader to rule out retaliatory action and strategically limit their response options, especially when not knowing the nature of an attack.

Read more… ( ~8 Min.)

Robin’s Newsletter #162

China called out for state-sponsored cyber campaigns. NSO Group in the spotlight (again) for spyware. Questionable QA on Google Chrome OS update.

 Vol. 4  Iss. 30  25/07/2021   Robin Oldham

There are still places available for this summer’s CyberFirst Advanced Virtual Summer Course, certified by NCSC. It’s open to UK students in Year 12 and 13 and is taking place 16th-27th August. More info and registration at (H/T John M) This week “Oi, China, stop it,” says White House and allies US, Nato, the EU, the UK, Australia, Canada, New Zealand and Japan made statements this week naming and shaming Chinese state-backed actors as being responsible for the ‘Hafnium’ group attacks on Microsoft Exchange servers that affected over 30,000 organisations (vol.

Read more… ( ~11 Min.)

Robin’s Newsletter #161

ICO raids two properties in Hancock CCTV investigation. Another Windows printer vuln. REvil's sites offline. Identity verification isn't the answer to online abuse.

 Vol. 4  Iss. 29  18/07/2021   Robin Oldham

This week ICO Raids two properties in Hancock CCTV leak Two properties in Southern England were raided as part of an investigation into the leaked CCTV images of the former U.K. Health Secretary Matt Hancock. The images, published by tabloid newspaper The Sun, showed Hancock having an affair with an aide and breaking social distancing rules, prompting him to resign. Many questioned at the time how CCTV images from within a government minister’s office came to be in position of the press, and perhaps more fundamentally why there was a need for such invasive surveillance in the first place.

Read more… ( ~8 Min.)