Tag Archives: Security

More Password Field Silliness

The other day I wrote about the stupid password policies and handling that many sites have. It appears that I’m not alone in being infuriated by this nonsense. David Pashley has his own post documenting some of the silliness. In … Continue reading

Posted in General | Tagged | Leave a comment

Handling Password Fields

With the advent of the Heartbleed debacle you’ve probably spent a bunch of time changing your passwords. I know I have. Having to update several passwords has opened an old wound: the really really stupid policies and coding behind password … Continue reading

Posted in General | Tagged | 4 Comments

Another GnuPG Tutorial

I’ve written many times about GnuPG and other programs that support the OpenPGP standard (the last time here). I really, really wish that everyone would start using it. That would certainly put a crimp in the NSA’s operations. Over at … Continue reading


The Security of the Apple Keychain

TidBITS has a great post on how Apple secures the iCloud keychain. An Apple device will remember passwords to sites you visit, WiFi nodes you join, and many other things. If you don’t do anything special, these credentials will be … Continue reading


Dual_EC_DRBG Explained

Irreal readers are doubtless familiar with the broad outlines of the NSA’s insertion of a backdoor into the NIST Special Publication 800-90A elliptic curve random bit generator but may be unfamiliar with what was actually involved. Now Mother Jones has … Continue reading


The Dangers of the Digital Life

I’ve written before about how I’ve embraced the digital life and pretty much given up dealing with paper, pens, and all the rest of the traditional record keeping methods. Almost everything happens on-line and whatever paper documents I get are … Continue reading


OS Security Appraisals

The United Kingdom’s CESG has published an appraisal of the security of various operating systems. The TL;DR is that Ubuntu Linux is the “most secure” but Ubuntu is probably a proxy for Linux (no other Linux distros were profiled). Happily, the … Continue reading


Passwords in 2013

PC World is reporting on the 25 worst passwords of 2013. As it does every year, Splashdata, a security firm, has compiled a list of the most common passwords culled from stolen password lists. Everything is depressingly normal. All our … Continue reading


Java and Security

With respect to Java, I’m pretty much in the same boat as Paul Graham: I’ve never used it but it does seem to have an unpleasant odor. One thing for sure, it’s a major exploit vector and, as a result, … Continue reading


FIDO

Ars Technica is reporting that Microsoft has joined the FIDO alliance. The FIDO, Fast IDentity Online, alliance is an industry group that is developing protocols to replace the passwords for access to Web sites. The idea is to use public … Continue reading
