Nik Cubrilovic

Australian-born entrepreneur and hacker. Currently working in advisory and consulting positions, previously at Techcrunch, Omnidrive and a number of other startups since 2000.

Nik has over 15 years of experience as a developer, penetration tester and solutions architect in industries ranging from finance, manufacturing and real estate through to consumer web application development. Nik has worked for and continues to consult and advise startups, SMBs, venture capital firms and large enterprises including a number of Fortune 100 companies. Nik has worked and lived in Australia, the United Kingdom, South Africa, throughout continental Europe and Asia and is now based in San Francisco, USA.

Nik has contributed to a large number of open-source projects and published a number of security vulnerabilities for various platforms and applications since 1996. Nik is an advocate of consumer privacy and security protection, applying cryptography to all communication, the Tor anonymity network, Bitcoin and a number of other security and privacy related projects and initiatives. In 2007, he was named in The Bulletin magazine as one of Australia’s “Smart 100”.


Latest from Nik Cubrilovic

  • Microsoft Launch WebsiteSpark: Free Software For Web Developers

    Moments ago Microsoft launched WebsiteSpark, a new program to provide web developers and designers free copies of Microsoft development tools, applications and server licenses for a period of three years. The program is the third and latest launch as part of the ‘spark’ series of outreach and support programs designed to engage communities with new Microsoft products. The… Read More

  • Basic Flaw Reveals Source Code to 3,300 Popular Websites

    A Russian security group has posted a detailed blog post (translation here) about how they managed to extract the source code to over 3,300 websites. The group found that some of the largest and best known domains on the web, such as and, amongst others, are vulnerable to an elementary information leak that exposes the structure and source of website files. A web surfer is… Read More

  • Twitter's Next Headache: API Name Squatting

    Twitter continues to work through username squatting issues by reassigning trademarked and even non-trademarked user names to their more appropriate owners. It’s a manual process that sometimes takes weeks, but with Twitter’s growing importance more and more brands are trying to lock up their usernames. Now, though, Twitter has a new headache, and poor organization and planning… Read More

  • Enables RSSCloud In Post Feeds

    RSSCloud is a new format specification for feeds that solves polling and notification issues. It works by adding a cloud element to a feed which describes the path to a cloud server that should be notified when a feed is updated. The cloud server, in-turn, will send the updated feed content to all subscribers and aggregators. There is a description of this process on the RSSCloud… Read More

  • RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence

    It was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors with cross-site scripting attacks. Today came news that an XSS vulnerability had been found in the RubyOnRails development framework – and that applications built on the framework, such as Twitter and Basecamp, were vulnerable to XSS attacks. The vulnerability… Read More

  • Gmail Now Really Down – Can I Get My Email Back Please (Update: It’s Back)

    We wrote this morning about Gmail suffering some turbulence, but it appears now that it has completely crashed and disappeared. Both Apps For Domain and the usual consumer Gmail service are down completely. Google seem to be going backwards on fixing the problem, this morning they sent out an alert saying: September 1, 2009 8:18:00 AM PDT
    Google Mail service has already been restored for… Read More

  • The Almost Hopeless Challenge Of Web Security

    Today we are trusting the web with our most personal and important data, from private photos and social graphs to finances and key work documents. Our hesitation to share such information has dropped over the years as our trust in our favorite services grows. Yet all the while, the web is actually growing less secure, as sites are left open to new attacks that can spread easily and leave… Read More

  • The Anatomy Of The Twitter Attack

    The Twitter document leak fiasco started with a simple story that personal accounts of Twitter employees were hacked. Twitter CEO Evan Williams commented on that story, saying that Twitter itself was mostly unaffected. No personal accounts were compromised, and “most of the sensitive information was personal rather than company-related,” he said. The individual behind the… Read More

  • Facebook Admits Click Fraud Problem, Says Fix Coming Today

    An update to our post yesterday talking about a weeks-long issue with click fraud on Facebook: A spokesperson for the company admits there’s a problem and says a fix is coming today. Advertisers will also be credited for any fraudulent clicks. In a comment to the post, Brandon McCormick says: This is Brandon on the Facebook communications team. I wanted to chime in to make sure that… Read More

  • Facebook Click Fraud Enraging Advertisers (Updated)

    Facebook has a big revenue target this year – $550 million, according to investors who were pitched in the last round of funding. That’s nearly twice 2008 revenues of $280 million. A big part of that revenue comes from cost-per-click advertising from small self serve advertisers. And right now those advertisers aren’t very happy. They’ve been complaining about click… Read More

  • Amazon Boosts Storage Features In EC2

    Amazon today launched a new web service – EBS, the Elastic Block Store (yes I also first read it as ‘Elastic Book Store’) for EC2. EBS provides persistent storage for EC2 computing instances, and the service is public today and available to all customers after a period of alpha testing with some users. Previously EC2 instances were able to access temporary storage as part of… Read More

  • Amazon Launches EBS – Persistent Storage for EC2

    Amazon today launched a new web service – EBS, the Elastic Block Store (yes I also first read it as ‘Elastic Book Store’) for EC2. EBS provides persistent storage for EC2 computing instances, and the service is public today and available to all customers after a period of alpha testing with some users. Previously EC2 instances were able to access temporary storage as part of… Read More

  • AppStore Developer TapTapTap Publishes Sales Figures

    iPhone application development house taptaptap has published sales figures for the first month of sales for their two AppStore applications, bringing further insight into overall sales volume and figures for the online store. The two applications developed by the company are WhereTo, an application that provides a more general GPS interface to the iPhone with location-based services, and… Read More

  • Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To

    After the recent outbreak of a worm that hacked user Facebook accounts and disseminated through users’ contacts, Facebook responded with a post with advice to users on general tips about web security. Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post with advice to Facebook users including: As a Facebook user you can help us protect you by doing… Read More

  • One Year Later: FeedBurner Gains Google Server Power

    Over a year has passed since Google completed the acquisition of feed massaging and hosting service Feedburner, and today some users now finally have their feeds hosted on what appears to be Google’s servers and infrastructure. At Techcrunch we have always been big fans of Feedburner, and their widgets and RSS subscriber counts have adorned almost all of our sites since their first days. Read More

  • Sitemeter Kills Thousands Of Sites For IE Users

    In yet another case of widgets going crazy and causing havoc, a bug in Sitemeter has caused a large number of websites and blogs using the free web analytics tool to fail loading for users of Internet Explorer. Users of Google’s Blogger were amongst the first to report experiencing problems with sites running Sitemeter at 6pm pacific time on Friday. The problem has since been… Read More

  • Atlassian Announces JIRA Studio Hosted With Contegix

    Atlassian has announced the availability of their JIRA Studio suite as a hosted SaaS service. JIRA Studio is a hosted integration of popular Atlassian products starting with the JIRA issue tracker and Confluence, their wiki and knowledge management product. Atlassian has partnered with Contegix to provide the hosting for the new suite of applications. The JIRA Studio solution includes… Read More

  • Microsoft Acquires Datallegro

    Microsoft announced today that they have acquired data warehousing application provider Datallegro for an undisclosed amount. The acquisition was run out of the Data and Storage Platform division at Microsoft, with an intention to integrate the Datallegro application into Microsoft SQL Server and the data application suite. Microsoft are rapidly building out their data services offerings and… Read More

  • Open Web Foundation Officially Launches

    This morning at the OSCON conference David Recordon of Six Apart will announce on stage the formation of the Open Web Foundation. The new foundation is about providing a home for the development and ratification of web-related standards efforts. The foundation will be focused on developing the technical specifications of protocols used for communication and inter-operability between… Read More

  • Mass Reorg at Microsoft Platforms & Services Division

    Microsoft has just announced a major reorganization of its Platforms & Services Division. It will now be split into two groups (Windows/Windows Live and Online Services) which will both report to Steve Ballmer. That’s right. Steve Ballmer will now personally be running Windows. Kevin Johnson, who used to head the Platforms & Services Division, will soon be leaving the company… Read More