Blog posts by Harry Metcalfe

  • Central? Local? Usable.

    One of the discussions we keep having in the office is about the idea of repeatability, especially outside of central government. How often are the user needs so different that each circumstance needs a different system? How often is it actually just bad IT and empire building that gets in the way of a unified user experience? […]

  • TimThumb raises its ugly head, once again

    A new vulnerability has been announced in TimThumb, a library that many WordPress sites use to manipulate and display images. This vulnerability makes sites with a particular configuration of TimThumb vulnerable to arbitrary code execution attacks. These attacks are pretty serious, allowing the attacker to force your server to run any command they like. Usually, it’s […]

  • Changes are afoot

    dxw has come a long way in the last 3 years. We’ve grown from a team of three to a team of 14, and we’ve taken on some big and exciting projects, including Planning Guidance, Thames Valley Housing Association’s online customer services and corporate website, as well as a major campaign you might have seen […]

  • Major vulnerability found in OpenSSL: “Heartbleed”, and what you should do about it

    A major vulnerability (CVE-2014-0160) has been found in OpenSSL, which is the software that many people use to make secure, encrypted connections to websites. A security problem has been found that allows an attacker to read a small portion of the memory of the computer using OpenSSL. This could enable an attacker to see things […]

  • Why we’re hiring a sysadmin

    EDIT: we’ve hired an awesome sysadmin, but we still have some other roles open. — dxw is recruiting at the moment, with several roles open, one of which is for a systems administrator. We think all these jobs are quite exciting, but the specs don’t do a terribly good job of explaining why. So, to […]

  • Staying ahead of the bots

    In the last few months, we’ve seen increasingly complex attacks on WordPress login forms. These attacks are designed to identify and illegally access any accounts with weak passwords (rather than targeting and exhaustively attacking a single account). Because these attacks have become more clever, we’ve had to improve our approach in order to keep our […]