Meet the team: Tom Hudson – Collaboration is the way forward – 10 minute mail

Some know him by his hacker handle, TomNomNom. UK-native Tom Hudson started at Disposable mail as a Senior Security Researcher, and he is now the Tech Lead for Security Research & Module Development on the Crowdsource team.

His passions include fixing and reshaping most things from software to furniture and spending time with his two kids. He also values collaboration, and this has played a significant role in his journey going from software engineering to ethical hacking:

Photo: Tom Hudson (TomNomNom), Tech Lead for Security Research at Disposable mail

Somewhere in Yorkshire

Tom lives in Yorkshire, in the UK, somewhere near Leeds. As a kid he wanted to become an inventor, but he found that becoming a software engineer was the better choice: it let him pursue his interest in creating something new without the cost of raw materials. So he studied Electrical and Electronic Engineering at Bradford College and started his career as a network engineer.

Over a decade has passed since then and Tom now carries a heavy backpack of experience that encompasses everything from DevOps and Solutions Architecture to People Management and Training. 

A passion for fixing things and giving knowledge

Tom has a collection of over 1000 tools and spends most of his time in the garage reshaping objects or fixing the toys that his 4- and 6-year-old kids damaged while playing. Fixing broken things became more of a job once he started his career in development, so, in search of a new hobby, he stumbled across training and education. “I have a passion for learning and finding out how things work,” he says, “that is maybe why I thrive the most in a training role.”

Besides fixing tools and toys, Tom is passionate about learning new things and he feels the urge to share this knowledge with others as a trainer:

“The good thing about having a training role is that it pushes you to be better at conveying complex topics in accessible ways to a varied audience. The feeling I get from giving others tools to learn by themselves is truly rewarding.”  

From Network Engineer to a Hacker

Tom started his career as a Network Engineer at a small company that provided Information and Communications Technology (ICT) support to local schools. He was already interested in Cybersecurity then but never imagined that being an Ethical Hacker would be his full-time job one day.

His first hacking experience arrived when a former employer invited all employees to hack their system to help find vulnerabilities and breaches. This experience landed him on the HackerOne (a bug bounty platform) scoreboard and he was suddenly invited to different hacking events. 


As he got introduced to the bug bounty community, he realized that his previous knowledge as a Software Engineer was extremely valuable as he could use his competencies to build new tools and automate his hacking processes. This was received with a lot of curiosity by the community who started to follow him on different bug bounty platforms. The more connected he was with the community, the more he started to collaborate with other ethical hackers and build more automation for finding security flaws.

His ability to build these tools and share knowledge with other members has led him to many high-payout findings and interesting collaborations. In 2019, Tom landed one of the biggest bounties at Hackerone’s H1-4420 and won the title of Most Valuable Hacker and later led a workshop on Cybercrime with the local police.

Changing the narrative

Collaborating with the local police has made Tom better understand the need for education in cybersecurity and for a different tonality when talking about hacking.

Tom: 

“Sometimes things concerning cybersecurity are legitimately scary. But I think that many marketing campaigns are trying to constantly push for a narrative that creates fear around the topic of cybersecurity. This is pushing people away, as there are a lot of misunderstandings.”

He believes that the future will bring more bugs and breaches, but hopefully, also more scanners, more software and ultimately, more ethical hackers. He says it feels like the Internet is mature but, in reality, there is a lot of room left for growing and discovery.

Tom believes that, as high-profile data breaches become more common, there is an increasing need to change the narrative around them, and he hopes that governments will recommend open corporate responsible disclosure programs. He says, “some governments have already started doing so, and this might reduce the perceived shadiness that hackers and cybersecurity are associated with.”

The importance of diversity

While there have been interesting improvements in how people and governments understand cybercrime, Tom also acknowledges that there is still a lot to do. In particular, he believes that the cybersecurity industry needs more diversity alongside collaboration.

He says: 

“I sometimes feel like people who don’t happen to be white and male might have a more difficult time getting started in the community and I believe that especially in such a complex field as cybersecurity, diversity is incredibly important. Monocultural teams so often fail to consider cases that are important to many.” 

Tom mentioned that one of the aspects that was highly interesting about Disposable mail was diversity:

“In the past, I’ve found it difficult to drive diverse thinking in my teams. At Disposable mail, it happens naturally, thanks to the gender and nationality balance.”

Disposable mail – a diverse place for sharing

We asked Tom for other reasons for joining Disposable mail, and he revealed his motivation to join a company that is aligned with his values of diversity and that gives others the tools to learn for themselves.

He explains:

“At Disposable mail, I can be part of the Hacker School project, which is a session in which we teach our customer-base, some of which may be non-security experts, about cybersecurity and give insight into the mind of a hacker. Sharing knowledge is at the core of Disposable mail’s values and products, and being part of the team means that I get to share what I know in different conferences but also within the team.”

Tom talks about the allocated Knowledge Sharing sessions that are organized by employees at Disposable mail, where members of different teams get to share their work, passions, and hobbies with the rest of the organization.

He adds:

“On top of that, the Disposable mail team seems to be aware of the importance of work-life balance and mental health. The people here are people, not just workers and it is humbling to work in such a human environment.

From a technical perspective, Disposable mail poses a whole new challenge for me as what we are doing is super interesting and fun stuff. It feels like I have a constant influx of new things to learn!” 

The way forward

Moving forward, Tom suggests that we should lead with these values and try to be more collaborative with other companies in the industry. “We should take the community spirit to businesses,” he says, “and collaborate with our competitors or companies in the cybersecurity industry.”

Tom believes that more collaboration in the cybersecurity industry will be beneficial: “instead of looking at each other as competitors, we should enable each other and work together to fix the complex world of the internet.”

Quick Q&A with Tom Hudson

Mac or PC? A PC running Linux.

Android or iOS? Android; the closer to stock, the better!

What’s your #1 security tip? Don’t reuse passwords and do enable two-factor authentication.

How do you keep up-to-date with tech and business? Mostly through following interesting people on Twitter.

What’s your favorite Disposable mail blog post? Bypassing and exploiting Bucket Upload Policies and Signed URLs


If you are ready for a new challenge to bring a more collaborative spirit to web security and work with top-ranked ethical hackers like Tom Hudson, take a look at our open positions to join the teams in Stockholm or Boston! 


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Malicious Data Mining @ HyperIsland

Johan Edholm and I (Fredrik Nordberg Almroth) had a talk a while back at HyperIsland, Stockholm (the 18th of October) for the DDS13 group. The purpose of the talk was to introduce the students to IT security, and how malicious individuals can gather a lot of information on people and various IT systems.

The main subjects of the presentation covered the following topics:

  • Web-Scraping
  • Quick & Dirty SQL Injections
  • iPhone, WiFi & Evil Twins
  • Hacking Neighbours
  • Port scanning on Steroids

Photo: Disposable mail as guest lecturers at Hyper Island (#DDS13)



Awards to Disposable mail’s team members

Team members of Disposable mail have received not one, but two, public awards over the last few weeks. We are proud of having skilled people in Disposable mail.

Super talents of 2015

Our two team members Rickard Carlsson and Fredrik Almroth were given the “Super talents of 2015” award by Veckans affärer, which is the Swedish version of the Economist.

Rickard, CEO of Disposable mail, was listed as a future digital star for his work with Disposable mail, and our Head Application Engineer Fredrik was listed as an innovative thinker in the security space for his security knowledge and innovations with Disposable mail.

Security experts of the future

Symantec gave Fredrik and Mathias the “Security experts of the future” award to bring attention to their hard work and to inspire others.

Motivation for Fredrik:

“One of the country’s most knowledgeable security experts, where his understanding of Web security and security technology is at least as impressive as his knowledge in automation. With an ambition to change the world, he will continue to be one of the most important figures in the country for security to keep up with the rapid development of threats.”

Motivation for Mathias:

“He is one of the most active security experts in Sweden, especially regarding bug bounty hunting, where he has reported lots of security issues to some of the world’s biggest companies. But he is not keeping his knowledge to himself; he is sharing his knowledge through lectures both in Sweden and internationally.”

International Startup Award

We made a pitch on stage at the Launch festival and won the International Startup Award with the following comment:

“My partner in crime Tyler Crowley always brings me a couple of interesting startups from Europe, and Disposable mail was the most impressive of all time. It’s a security monitoring tool that is well-designed, simple, and powerful.”

You can see our pitch here.

We’re looking for more talents!

It’s great to have skilled people in a team where we learn from each other. Do you want to be a part of this great adventure? Check out our open positions at career.detectify.com.


Team event – Disposable mail Sailing

The Disposable mail team took a day off in order to explore the archipelago outside Stockholm from the sea side. It was a great day blessed with sunshine and just enough sea breeze.

The sailing took us from Saltsjöbaden on a tour heading east out into the archipelago. In the beginning we experienced light winds that picked up in the afternoon, when we were sailing at 10 knots with a 20-knot headwind. After a day of sailing we moored in a bay where we enjoyed a well-deserved dinner, some swimming, slacklining, hiking, and just had a great time. The day after, we set sail back to the city.

Here are some pictures from the day.

So these are the things we do when we are not working on making the internet a safer place. Do you think this is cool and want to join our team?

Take a look at our open positions here!


Disposable mail @ DEF CON 2015

Frans @fransrosen and Fredrik @almroot from the Disposable mail team visited the 23rd annual DEF CON Hacker Conference, as usual hosted in Vegas, at the beginning of August. This year was the big eye opener for car hacking, with the hacking of a Tesla Model S reaching the mainstream media. On the technical side, researcher Fernando Arnaboldi presented some very interesting findings on XSLT and its implications. And of course the team also made sure to have some fun during the visit, and will here reveal who threw this year’s best party.

Car hacking is the new black

Car hacking seems to be the new black at DEF CON this year. Even though car hacking did make some headlines back in 2010 and 2011, this was the year it really became the main topic.

DEF CON had organized its own car hacking village with the slogan “Drive it like you hacked it”. For example, it was revealed that hackers had been able to hack two of America’s most commonly used cars: a 2010 Toyota Prius and a 2010 Ford Escape.

Further, it was revealed that Marc Rogers and Kevin Mahaffey had been able to hack the Tesla Model S so that they could unlock, start and stop the car. They did admit that it was “very hard” to hack the Model S, but apparently possible. Tesla was quick to respond to the hack, announcing that they would double the maximum reward in their bug bounty program to $10,000 for anyone able to find severe vulnerabilities in the Model S. Both Tesla and the hackers were clear in stating that all known vulnerabilities are now patched.

It will be very interesting to follow the development of the car hacking scene and we can be pretty sure that we haven’t seen anything yet.

Best technical research – XSLT for practical attacks & Abusing Adobe Reader’s JavaScript APIs

Fernando Arnaboldi (IOActive) presented interesting security research on XSLT, ranging from information disclosure to arbitrary file access, achieved by supplying XML documents together with XSL stylesheets to the processor.

The findings presented have implications for all major web browsers (Safari, Opera, Chrome, Internet Explorer and Firefox), as well as a range of popular programming languages (Python, Perl, PHP, Java, JavaScript, .NET and C++).

Another interesting piece of research was presented by Brian Gorenc, Abdul-Aziz Hariri & Jasiel Spelman (HP’s Zero Day Initiative) on how the JavaScript APIs work in Adobe Reader. By abusing logical flaws they managed to get remote code execution.

Who threw the best party?

Last but not least, and maybe the most prestigious award, the Disposable mail team names “The best party of DEF CON 2015”. As it should in Vegas, the focus easily slips to the party scene, and the competition among the companies over who can throw the best party is fierce. Based on our team’s thorough research, here are the three honorable mentions that made it to the final.

  • IOActive pool party, almost the unofficial DEF CON party, was hosted at the Bally’s hotel. The event was massive and in great spirit even though the beer was not for free.
  • BSides checked its party in at the Tuscany hotel. The event was a classic pool party highlighted with cupcakes, open bar and a great crowd.
  • Facebook hosted its venue at the Surrender nightclub at the Wynn hotel. They flew in the DJs Flosstradamus, served cupcakes (seemed to be a trend this year) and of course had an open bar all night long.

As mentioned there was some stiff competition this year and after some hard discussion the team agreed that Facebook did throw the best party, with BSides as the runner up.

To summarize, DEF CON 2015 had a little bit of everything. We at Disposable mail are very thankful for its existence and how the conference manages to shed some light on the real hacker community and, of course, throw a lot of great parties.

Below you can see some pictures from our team’s experience at DEF CON 2015, see you again next year Vegas!

Photos: DEF CON Facebook party; Cobalt playing cards


Disposable mail on tour – meet us at the following events and meetups!

Disposable mail is attending/partnering with some of the biggest international tech and security conferences this fall. If you want to schedule a meeting with us in advance, or want to get a hold of us at any of the events, just drop us a note at hello[at]detectify.com or reach us on Twitter.
Photo: Sami Heiskanen (Slush 2014)

Here is the list of events that Disposable mail will participate in. We can’t wait to meet you!

Web Tech Conference 

Disposable mail’s very own security researcher and knowledge advisor Frans Rosén will be presenting at Web Tech Conference in Munich amongst speakers like Ilia Alshanetsky, CTO at Centah Inc., and polyglot developer Armagan Amcalar. Don’t miss Frans’ talk, Common Pitfalls in PHP – The State of PHP Security, on October 26, and stop by Disposable mail’s booth in the exhibition area to find out more about our work and what we are up to!

Time and date: Monday, October 26, 2015 – 2:15pm to 3:15pm
Location: Munich, Germany
Twitter: @WebTechCon

Disposable mail and Server Density’s SaaS Security Webinar

Don’t miss Disposable mail and Server Density’s SaaS Security Hangout October 29 – featuring Disposable mail’s knowledge advisor Frans Rosén, CIO Johan Norrman and Server Density CEO David Mytton. There will be plenty of war stories, tried and tested practices, and ample time for questions.

Time and date: October 29, 6:00 PM GMT+1
Location: Google Hangout (sign up now!) 

Web Summit

Web Summit is the largest tech conference in Europe, with its 30 000 attendees. Are you attending? If so, make sure to stop by Disposable mail’s stand to say hello and pick up some awesome stickers! Meet Detectify and other handpicked Swedish startups in the main hall exhibition area on November 3rd (co-branded Talk to Sweden by Business Sweden).

Time and date: Nov 3-5, 2015
Location: Dublin, Ireland
Twitter: @WebSummitHQ 

Internetdagarna (‘The Internet Days’)

The Internet Days is one of Sweden’s most important meeting places for individuals who work with the internet in various ways. Disposable mail’s Frans Rosén will be speaking on the topic of trusting cloud service providers on Nov 23rd.

Time and date: November 23-24th, 2015, at 3.30 pm
Location: Stockholm, Sweden
Twitter: @internetdagarna 

Slush

Slush is one of the leading startup events in the world. This year thousands of attendees, startups and investors will gather to network, innovate and listen to speakers like Caterina Fake, Co-founder of Flickr & Hunch and Chairman of Etsy.com, and Niklas Zennström, Co-founder of Skype & Atomico. And what’s more: Disposable mail’s CEO and Co-founder Rickard Carlsson is invited to participate in a fireside chat on November 12.

Time and date: Thursday November 12th, in the Cybersecurity session on the Black Stage, starting at 9:30
Location: Helsinki, Finland
Twitter: @SlushHQ

Säkerhetsdagen (‘Security Day’)

Säkerhetsdagen (‘Security day’), hosted by Computer Sweden (a part of IDG Sweden), is the must-attend event for security experts in Sweden. Disposable mail’s knowledge advisor Frans Rosén is one of the keynote speakers – don’t miss the opportunity to hear his presentation ‘Inside the head of a whitehat hacker’.

Time and date: February 24, 2016
Location: Stockholm, Sweden

In case you can’t make it to any of the listed events, you’ll still be able to follow our adventures through Twitter, Facebook and the Disposable mail blog. And stay tuned – we are continuously adding more events, meetups and conferences to the Disposable mail roadshow!



Disposable mail is #4 on Internetworld’s 2015 startup list

2015 ended on a high note for Disposable mail!

Internetworld published their annual list of Sweden’s most exciting startups and we’re #4! Internetworld’s list is a yearly selection of the most promising Swedish startups and we are thrilled to be featured together with 24 other companies such as Trueflow, Visiba, and this year’s winners, Kry.

Disposable mail 4th on Internetworld's Startup List

“It has been a great year for Disposable mail and it is an honour to be on the list with other promising startups. Being selected confirmed that we are doing important work and that web security is a growing concern for companies in all fields of business,” says Rickard Carlsson, CEO of Disposable mail.

We are looking forward to making the internet a safer place in 2016!
//The Disposable mail Team


Disposable mail’s other awards

  • Super talents of 2015 (Veckans affärer)
  • Security experts of the future (Symantec)
  • International Startup Award (Launch Festival)


An intelligent way to look for vulnerabilities

Have you ever wondered how we manage to test your website for hundreds of vulnerabilities without making you wait too long? We have built a powerful fingerprinting algorithm that spends just the right amount of time finding what we look for, and this is how we do it.

More and more vulnerabilities come to the surface every day, so it would take an increasingly long time to check for all of them against every single website. Many of these vulnerabilities are also very specific and can only affect certain web servers or Content Management Systems (CMSs). It would therefore be very time consuming and ineffective to test blindly for all of them.

We do our very best to keep our scanner up-to-date with the latest security threats, from the most generic to the platform-specific ones. When we test a website we do not simply walk through a long list of possible vulnerabilities trying to find all those that affect it; instead, we tailor our tests to the technology stack that we find.

Getting a clear picture of which web servers, CMSs and libraries, and which versions of them, run on a website is not at all a trivial task. It involves a careful evaluation of the website content and of the messages exchanged between client and server. Our so-called fingerprinting algorithm (see detectify.com/technology), at the core of the Disposable mail scanner, is where all this magic happens.

All the information collected by our crawler is fed to a classification algorithm that is able to decide within a few milliseconds which web servers, CMSs and libraries we are dealing with. On the basis of that information, we can then start looking for all pertinent vulnerabilities, excluding those that we know for sure are not there.
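The pipeline sketched above (crawler output, classification, then a test list tailored to the detected stack) as an added example written for this page. It is not Disposable mail's scanner or its real fingerprinting algorithm: the signatures, the check catalogue, the check names and the crawled responses are all constructed for the illustration, and a production scanner would use a far larger signature set and confidence scoring rather than first-match-wins.

```python
"""Fingerprint a crawled site and select only the pertinent checks.

Added example for this page; the signatures, check catalogue and
sample responses below are constructed, not taken from any real scanner.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class CrawledPage:
    """One response captured by the crawler: URL, response headers, HTML body."""
    url: str
    headers: Dict[str, str]
    body: str


@dataclass
class Signature:
    """How to recognise one technology from a response.

    header: (header name, regex) tested against that response header.
    body:   regex tested against the HTML body.
    version: regex with one capture group, applied to whatever matched.
    """
    technology: str
    header: Optional[Tuple[str, str]] = None
    body: Optional[str] = None
    version: Optional[str] = None


@dataclass(frozen=True)
class Check:
    """A vulnerability test; `requires` lists technologies it only makes sense for.
    An empty set marks a generic check that runs against every site."""
    name: str
    requires: FrozenSet[str]


# Constructed signature set: header-based for server-side components,
# body-based for CMS and front-end libraries.
SIGNATURES = [
    Signature("nginx", header=("server", r"^nginx"), version=r"nginx/([\d.]+)"),
    Signature("apache", header=("server", r"^Apache"), version=r"Apache/([\d.]+)"),
    Signature("php", header=("x-powered-by", r"^PHP"), version=r"PHP/([\d.]+)"),
    Signature("wordpress", body=r"/wp-content/|/wp-includes/",
              version=r'<meta name="generator" content="WordPress ([\d.]+)"'),
    Signature("jquery", body=r"jquery[-.]", version=r"jquery-([\d.]+)(?:\.min)?\.js"),
]

# Constructed check catalogue; names are illustrative categories only.
CHECKS = [
    Check("reflected-xss-probe", frozenset()),
    Check("open-redirect-probe", frozenset()),
    Check("wordpress-user-enumeration", frozenset({"wordpress"})),
    Check("wordpress-xmlrpc-exposure", frozenset({"wordpress"})),
    Check("php-info-page-exposure", frozenset({"php"})),
    Check("apache-server-status-exposure", frozenset({"apache"})),
    Check("jquery-outdated-version", frozenset({"jquery"})),
]


def fingerprint(pages: List[CrawledPage]) -> Dict[str, Optional[str]]:
    """Classify the crawl: technology -> version (None when no version was seen).

    Every page is inspected; the first version string found for a technology
    is kept, and a later version-less hit never erases a known version.
    """
    found: Dict[str, Optional[str]] = {}
    for page in pages:
        headers = {k.lower(): v for k, v in page.headers.items()}  # header names are case-insensitive
        for sig in SIGNATURES:
            haystack = None
            if sig.header:
                name, pattern = sig.header
                value = headers.get(name)
                if value is not None and re.search(pattern, value):
                    haystack = value
            elif sig.body and re.search(sig.body, page.body):
                haystack = page.body
            if haystack is None:
                continue
            version = None
            if sig.version:
                m = re.search(sig.version, haystack)
                if m:
                    version = m.group(1)
            if sig.technology not in found or (found[sig.technology] is None and version):
                found[sig.technology] = version
    return found


def select_checks(detected: Dict[str, Optional[str]], catalog: List[Check] = CHECKS) -> List[Check]:
    """Keep generic checks plus those whose required technologies were all detected."""
    return [c for c in catalog if c.requires.issubset(detected)]


# Constructed crawl of a WordPress site behind nginx, plus a plain static site.
SAMPLE_CRAWL = [
    CrawledPage("https://example.test/",
                {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3", "Content-Type": "text/html"},
                '<html><head><meta name="generator" content="WordPress 5.4.1">'
                '<script src="/wp-includes/js/jquery/jquery-1.12.4.min.js"></script></head>'
                '<body><a href="/wp-content/uploads/logo.png">logo</a></body></html>'),
    CrawledPage("https://example.test/about",
                {"Server": "nginx", "Content-Type": "text/html"},
                "<html><body>About us</body></html>"),
]
STATIC_PAGE = CrawledPage("https://static.test/",
                          {"Server": "Apache/2.4.41 (Ubuntu)"},
                          "<html><body>static</body></html>")

if __name__ == "__main__":
    for crawl in (SAMPLE_CRAWL, [STATIC_PAGE]):
        stack = fingerprint(crawl)
        print("detected:", stack)
        print("running:", [c.name for c in select_checks(stack)])
```

Running the module prints the detected stack and the trimmed check list for each crawl; for the static Apache site, the WordPress, PHP and jQuery checks are skipped entirely, which is the time saving the paragraph describes.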

//Andrea Palaia


About Andrea:

Andrea is a data scientist at Disposable mail. He moved to Sweden from Italy in 2009 for a Ph.D. in accelerator physics,  and for several years he has been jumping back and forth between CERN, Uppsala and Berlin. After his Ph.D. he started to pry into the startup world with Patamu.com and about 8 months ago he landed at Disposable mail where he makes numbers speak.


Disposable mail’s Frans Rosén #2 on HackRead’s 10 Famous Bug Bounty Hunters of All Time

Disposable mail’s knowledge advisor Frans Rosén has worked with security research for many years, and is a top ranked participant of bug bounty programs, receiving the highest bounty payout ever on HackerOne.

Frans is also a frequent blogger at Disposable mail Labs, where he writes about his security research. He talks at security events, raising awareness about information security and sharing his experience as a white hat.

Last week, we were happy to see that HackRead featured Frans on their list of 10 Famous Bug Bounty Hunters of All Time along with security researchers like Roy Castillo, Emily Stark and Shubham Shah.

See the full list of Hackread’s 10 famous bounty hunters here. 



Top 3 takeaways from CIO Trend 2016

In an ever-changing world, nothing has a faster pace than IT, and the person leading this change is the CIO. The challenges of the evolving CIO role were one of the many topics discussed at CIO Trend 2016, hosted by IDG Sweden, where about 80 CIOs, IT managers and Heads of IT gathered for knowledge exchange and networking. The agenda featured several industry experts and a Startup Panel, where Disposable mail was one of three invited startups to hold a 5-minute pitch for the audience.

These are three of the conclusions I brought back home with me.

Long term plans and short term actions

One of the recurring topics of the day was how to manage teams during today’s transformation. A lot of us are used to working with roadmaps and product visions, but the demand for moving to a more fast paced and agile environment is only getting higher and higher. Johan Hallberg, a researcher at IDC, referred to this as “Managing teams in 3D”.

Analysts claim that 9 out of 10 companies that are rated top 1 within their respective fields today will be replaced by companies established after 2000. One of the key ways to not be surpassed by new startups is to manage to navigate in the mist, and find a way to make decisions that follow both your long term and your short term agenda.

Automation

Everything that can be automated will be automated, and we are already seeing the effects in the IT sector: smaller manual hosting companies are being pushed aside by automated services like AWS and Azure. Developer teams are taking over ops-responsibilities where Devops and Noops are being implemented. More and more services are being automated and only act and inform on demand.

But automation is not only coming to IT. So-called lights-out factories, where robots are in charge of the entire production chain, are becoming increasingly popular. Fully automated factories that can receive an order, reprogram themselves and automatically start production are here to stay.

Security is an ever-growing priority

It doesn’t matter whether we look at what’s trending, what the biggest challenge is or what the CIOs plan to invest in: security will be in the top 3. The need for a holistic view of IT security has grown by more than 25% since last year, according to the latest CIO report from IDG Sweden.

Within today’s IT infrastructure, with more and more data being migrated to the cloud, knowing who has access to what data is an ongoing struggle. Services like Identity as a Service (IDaaS) are gaining acceptance.

I know I said three, but to wrap it up I am going to give you a fourth – it’s no longer technology but rather the services that drive which solutions to choose whether it comes to planning, automation or security.


Author: Johan Norrman, CIO, Disposable mail
Twitter: @johannorrman


