Tag Archives: Security

PGP Problems

I’ve often written about the need to encourage wider use of encrypted emails. As everyone knows, the main problem is that existing email encryption solutions are too hard to use: Aunt Millie simply won’t deal with the complexities. But what … Continue reading

The Email Self Defense Project

The Free Software Foundation has a new project aimed at getting people to install and use email encryption software. They have published a guide and infographic that demonstrates in simple terms how (and why) to set up GnuPG and then … Continue reading

Troy Hunt on the Cobra Effect

Troy Hunt comments on that incredibly silly tweet by British Gas explaining why they disable pasting into the password field on their site. I wrote about that here. Sadly, it turns out that this practice is more widespread than I … Continue reading

Encrypt Your Dropbox Data!

I’ve told you many times (here, here, here, here, and here) that if you’re using Dropbox and you have any file in it that you wouldn’t like to see on the Internet, then you better be encrypting those files. Dropbox … Continue reading

Password Silliness Epitomized

Remember how I told you of a sure tip-off to an insecure site? Were you looking for an in-the-wild example? Well, here it is. The very apotheosis of a bad password policy. Forget, for a moment, the ridiculous explanation … Continue reading

More Password Field Silliness

The other day I wrote about the stupid password policies and handling that many sites have. It appears that I’m not alone in being infuriated by this nonsense. David Pashley has his own post documenting some of the silliness. In … Continue reading

Handling Password Fields

With the advent of the Heartbleed debacle you’ve probably spent a bunch of time changing your passwords. I know I have. Having to update several passwords has opened an old wound: the really, really stupid policies and coding behind password … Continue reading

Another GnuPG Tutorial

I’ve written many times about GnuPG and other programs that support the OpenPGP standard (the last time here). I really, really wish that everyone would start using it. That would certainly put a crimp in the NSA’s operations. Over at … Continue reading

The Security of the Apple Keychain

TidBITS has a great post on how Apple secures the iCloud keychain. An Apple device will remember passwords to sites you visit, WiFi nodes you join, and many other things. If you don’t do anything special, these credentials will be … Continue reading

Dual_EC_DRBG Explained

Irreal readers are doubtless familiar with the broad outlines of the NSA’s insertion of a backdoor into the NIST Special Publication 800-90A elliptic curve random bit generator but may be unfamiliar with what was actually involved. Now Mother Jones has … Continue reading
