Tag Archives: Security
Password Myths
As you all know too well, I am very interested in password technology. Certainly, passwords aren’t, by themselves, the answer to security but they can help if people pick them sensibly and Web sites handle them in a secure manner. … Continue reading
StrongBox
Two years ago I wrote about WSJ SafeHouse, an effort on the part of the Wall Street Journal to start their own version of Wikileaks. The idea was that prospective whistle blowers would have a safe way to send documents … Continue reading
What’s in a Logo?
Troy Hunt is the world’s greatest lover and he’s got the t-shirt to prove it. That’s his way of making a serious point about those badges you see on many sites certifying that the site is safe and not infected … Continue reading
Why Sites Have Bad Password Policies
Ars Technica has an excellent article on why many sites have security-limiting password policies. I’ve written about this before on my old blog, but the Ars Technica article is particularly infuriating. So much so that this is my second … Continue reading
Tips on Securing a WordPress Site
After the recent WordPress Administration Page attack, my hosting provider sent its customers a link to the WordPress page on securing WordPress sites. It’s an excellent resource if you’re running WordPress and some of the ideas are general enough that … Continue reading
The Worst Password Tips
Mark Burnett has an interesting post on The Worst Password Tips. His main thesis is that much—or even most—of the advice you hear about choosing passwords is no longer good advice. It used to be that passwords like p@r013 gave … Continue reading
A Simple Explanation of One-Way Functions and Their Application to Passwords
John Graham-Cumming has a very nice 4-part series on one-way functions and their application to passwords. The explanation is completely non-mathematical and should be understandable by anyone. By the end of the third post, Graham-Cumming has explained how a simple … Continue reading
Yet Another Reason to Encrypt Files in Dropbox
As I’ve written many, many times, if you’re storing anything in Dropbox that you wouldn’t want to see published in the New York Times then you better encrypt it. Here’s yet another reason to do so.
Hashing Passwords: An Object Lesson
Irreal regulars know that I periodically go off on a rant about the proper hashing of passwords and the dire consequences of failing to do it correctly. Not even I, however, could have imagined that Cisco would get it wrong. … Continue reading
Analysis of the Gauss Malware
Over at Ars Technica, Dan Goodin has a nice article analyzing the Gauss malware. Gauss appears to be related to Stuxnet and internal code signatures suggest that its provenance is the same. Although Gauss was discovered last year, very little … Continue reading