Nik Cubrilovic

Information Security Consultant, Nik Cubrilovic

Australian-born entrepreneur and hacker. Currently working in advisory and consulting positions, previously at Techcrunch, Omnidrive and a number of other startups since 2000.

Nik has over 15 years of experience as a developer, penetration tester and solutions architect in industries ranging from finance, manufacturing and real estate through to consumer web application development. Nik has worked for and continues to consult and advise startups, SMBs, venture capital firms and large enterprises including a number of Fortune 100 companies. Nik has worked and lived in Australia, the United Kingdom, South Africa, throughout continental Europe and Asia and is now based in San Francisco, USA.

Nik has contributed to a large number of open-source projects and published a number of security vulnerabilities for various platforms and applications since 1996. Nik is an advocate of consumer privacy and security protection, applying cryptography to all communication, the Tor anonymity network, Bitcoin and a number of other security and privacy related projects and initiatives. In 2007, he was named in The Bulletin magazine as one of Australia’s “Smart 100”.

The Anatomy of The Twitter Attack: Part II

10:53 am PST • December 18, 2009

During and after Twittergate, when a hacker broke into a few hosted email accounts and obtained a number of internal documents, I had an opportunity to spend hours speaking to…

Late last night the popular micro-messaging service Twitter was attacked and had its website defaced by a group calling itself the Iranian Cyber Army. The Twitter homepage and the main…

Barnes and Noble Nook e-Book Reader Rooted

12:16 am PST • December 15, 2009

The recently released e-book reader from Barnes & Noble, the Nook, has been rooted by the community of enthusiasts at nookdevs.com. The complete instructions for hacking the device and obtaining…

RockYou Hack: From Bad To Worse

11:42 pm PST • December 14, 2009

Earlier today news spread that social application site RockYou had suffered a data breach that resulted in the exposure of over 32 Million user accounts. To compound the severity of…

jQuery is a JavaScript library that is used in a large number of web applications and is popular amongst web application developers. It was launched in 2006 by John Resig,…

Earlier this month college textbook rental company Chegg raised $112M as part of a combined Series D and debt round, bringing the total raised by the company to a massive…

In July of last year, I wrote about The New Apple Walled Garden. The post was about the irony of developers and advocates who were otherwise open standards and open…

PHP Founder Rasmus Lerdorf Leaves Yahoo

6:50 pm PST • November 10, 2009

PHP founder Rasmus Lerdorf has left his long-held position at Yahoo, according to his Twitter account. Lerdorf joined Yahoo in 2002 and has worked for the company as an engineer…

(Updated) Downtime At Rackspace Cloud

11:52 pm PST • November 2, 2009

A large number of customers of Rackspace Cloud, including Techcrunch, have been experiencing downtime for the past 1h 20m or so. The status blog reports that the service was degraded,…

A new generation of database products and companies is beginning to emerge, and one of the more interesting examples is Swedish-based Neo Technology, the developer and vendor of the neo4j…

Amazon has launched a hosted relational database service, Amazon RDS, as part of the suite of services available at AWS. The new service is a hosted MySQL database instance with…

Amazon has launched a hosted relational database service, Amazon RDS, as part of the suite available at AWS. The new service is a hosted MySQL database instance with the full…

We received a number of tips early this morning that the majority of web servers at Twitter were exposing server and load-balancer status information to the public. The status page,…

Yammer, the Twitter-like short messaging service for business users, has been experiencing a prolonged period of downtime today due to DNS issues. The service first went down over 12 hours…

Relevance Over Time

12:09 am PDT • October 12, 2009

When email was first created in 1965 it was used as a method to communicate between time-shared mainframe computers. Email has rapidly evolved since then, with the evolution of rich…

Letting Data Die A Natural Death

9:20 pm PDT • October 10, 2009

The big story today is about Microsoft subsidiary Danger losing all T-Mobile Sidekick customer data from their servers. Danger is the company noted for the T-Mobile Sidekick, the revolution in…

Google made a very minor but significant change to their search homepage earlier this week. While everybody else was distracted by the barcode logo, a few Chrome and Safari users…

A large number of web services are geographically restricted, such as Hulu, Pandora and Spotify. The reasons are usually to do with content licensing restrictions, or because US visitors (or…

The background debate about whether or not Twitter can actually scale has intensified. More than a year ago I asked “Twitter At Scale: Will It Work?” Today Twitter is far,…

Squidoo founder and author Seth Godin has backed down on creating company pages by default as part of their new ‘Brands In Public’ service that launched a few days ago…

Moments ago Microsoft launched WebsiteSpark, a new program to provide web developers and designers free copies of Microsoft development tools, applications and server licenses for a period of three years…

A Russian security group has posted a detailed blog post (translation here) about how they managed to extract the source code to over 3,300 websites. The group found that some…

Twitter's Next Headache: API Name Squatting

1:55 pm PDT • September 16, 2009

Twitter continues to work through username squatting issues by reassigning trademarked and even non-trademarked user names to their more appropriate owners. It’s a manual process that sometimes takes weeks, but…

RSSCloud is a new format specification for feeds that solves polling and notification issues. It works by adding a cloud element to a feed which describes the path to a…

It was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors with cross-site scripting attacks. Today came news that an…

We wrote this morning about Gmail suffering some turbulence, but it appears now that it has completely crashed and disappeared. Both Apps For Domain and the usual consumer Gmail service…

Today we are trusting the web with our most personal and important data, from private photos and social graphs to finances and key work documents. Our hesitation to share such…

The Anatomy Of The Twitter Attack

3:40 am PDT • July 19, 2009

The Twitter document leak fiasco started with a simple story that personal accounts of Twitter employees were hacked. Twitter CEO Evan Williams commented on that story, saying that Twitter itself…

An update to our post yesterday talking about a weeks-long issue with click fraud on Facebook: A spokesperson for the company admits there’s a problem and says a fix is…

Facebook has a big revenue target this year – $550 million, according to investors who were pitched in the last round of funding. That’s nearly twice 2008 revenues of $280…