security post archive

  1. Considering the context of IT systems
  2. The best we can do with passphrases now
  3. Redundant passphrase requirements are
  4. Conflating security with privacy
  5. Docks charging more than just kettles
  6. The 1Password Electron debate is good news for the industry
  7. A rough week for Apple users
  8. Who in the world is Pitney Bowes?
  9. NCSC’s passphrase advice
  10. CISA’s exploited vulnerabilities report for 2021
  11. Revisiting webcam covers
  12. ACIC’s expanded surveillance submission
  13. Managing encryption in the enterprise
  14. No, RSA is not broken
  15. Being victim of another data breach
  16. Today’s errors
  17. Network backdoors and layers
  18. Starting with FreeBSD jails
  19. Security flaws in smart doorbells
  20. Mktemp started on OpenBSD
  21. OpenSSL 3.0 /dev/crypto issues on FreeBSD
  22. Cleaning another Mac Bitcoin miner
  23. John Naughton on the Internet-of-Things
  24. OpenSSH 8.4 released
  25. When scp’s misleading warnings attack
  26. If we could demand the same security answers
  27. A KONE lift diagnostic test tool and decoder
  28. Journalism: make them care
  29. Firefox’s situation reminds me of OpenSSL
  30. Bruce Schneier on blockchain tech
  31. Airgapped devices and networks
  32. An analysis of native IoT advertising
  33. Bitcoin scam sites
  34. Checking if FreeBSD geli is using AES-NI
  35. Two-factor auth codes need to be chunked better
  36. Still getting mail from a leaked database
  37. One-liners: Downloading a https cert as text
  38. IoT, and Hypponen’s law
  39. Ministers not wanting the COVID tracking app
  40. Locking down SSH to specific IPs
  41. Follow-up to my fintech security post
  42. Even respected sites are failing to address fintech security
  43. An old domain whitelist text file
  44. Here’s your PIN, here’s the eBay PIN…
  45. Worrying out loud about EOL
  46. Gross and tiny security errors
  47. Infosec Jack Sparrow
  48. The xkcd password leak
  49. Cleaning compromised servers
  50. Fun with a phpMyAdmin honeypot
  51. When someone close nearly got phone scammed
  52. Running NoScript in 2019
  53. Covering laptop cameras, revisited
  54. When CDNs say you have malware
  55. Richard Di Natale on Australia’s #aabill
  56. Disabling SELinux on CentOS, RHEL
  57. PF in FreeBSD and NetBSD
  58. Australian IT in the budget reply speech
  59. Dropbox isn’t case-sensitive
  60. 1993 Computer Chronicles on Spectre
  61. Testing HTTPS/TLS sites
  62. macOS not downgrading Wi-Fi security
  63. Churn in anti-virus vendors
  64. Predictable issues with video doorbells
  65. Information war
  66. Bookmark cleanout, December 2018
  67. Could not chdir to fulljail
  68. OpenSSH undefined symbol on FreeBSD
  69. Yes, the #AABill is about encryption
  70. Australia’s new anti-encryption bill
  71. If you want encryption, you support…
  72. Those white collars
  73. Economic impact of back doors
  74. Not news, but ed25519 keys are tiny
  75. Y2K was a planned fizzer
  76. You have detached Mosh sessions on this server
  77. My personal RSA whoops
  78. Feather preening
  79. Mosh on Amazon Lightsail
  80. Wildcard and DNS Let’s Encrypt certificates
  81. LAX, delayed LAX, now SFO
  82. VMDK candidate candidates
  83. Moving from 1Password for KeePassXC
  84. This spam is virus free!
  85. Two-factor auth and password managers
  86. Stack Overflow survey omission
  87. Meltdown and Spectre
  88. Xen on yesterday’s Intel issue
  89. using Let’s Encrypt
  90. FaceID
  91. Advanced protection from Google instead?
  92. Enter username, hit button, enter password
  93. Osaka Free WiFi
  94. Mr Brandis, You Can (Not) Decrypt
  95. The blight of expired Let’s Encrypt certs
  96. Don’t enforce password character limits
  97. Testing SSL connections
  98. Offshore Singapore bank accounts
  99. Trip back in time: cost of encryption
  100. Reasons to use HTTPS
  101. DirtyCOW
  102. Covering laptop cameras
  103. Vivaldi gets some 1Password love
  104. When NinjaFirewall attacks
  105. When password character limits attack
  106. brew install sshpass
  107. Australian privacy, NBN net neutrality, and other news
  108. OpenSSL now at 1.0.2b
  109. The FireHOL flame haze
  110. #wgetNoSatisfaction
  111. Keyloggers
  112. Sophos Security Gateway on Xen
  113. Incomplete bash code injection fix
  114. Bash code injection vulnerability
  115. Media reporting on Dropbox security, privacy
  116. Force SSH password authentication
  117. Why Lavabit shut down
  118. Google Chrome removing OCSP
  119. The OpenSSL heart bleeds
  120. Disconnect for ALL the browsers
  121. Ruben and Malcolm’s technology mix
  122. Practical, private Dropbox use cases
  123. Linux RdRand
  124. SaaS cloud encrypting customer data
  125. FreeBSD and hardware random number generators
  126. A Microsoft Office TIFF vulnerability
  127. The ever–evolving TLS ciphersuite
  128. US Congress nearly cost me an exam
  129. Remembering the goals of IT security
  130. The real barrier to SaaS adoption
  131. Yay, my Twitter was breached!
  132. Yahoo! Mail finally gets SSL!
  133. UTS site defaced with plaintext passwords
  134. Are sites storing your passwords securely?
  135. Stallman Schneier Stuxnet Security
  136. My letter to Westpac about a PayPass debit card
  137. An alternative reason for security theatre?
  138. I was wrong about Google Street View
  139. Microsoft India stores plaintext passwords
  140. You can just skim this DBS ATM story
  141. Telstra customers exposed, again?
  142. Telstra joins the Plaintext Password Parade
  143. Sophos CityRail memory key adventures
  144. Biometric flying Malaysian aeroplanes
  145. Cause this is my United States of Whatever
  146. Fake trust seals, with bad puns
  147. Android #1 mobile platform for malware, but…
  148. I vouch for SBS Radio!
  149. Why do Aussie banks need a wakeup call!?
  150. Being realistic about Windows
  151. Law enforcement usurping botnet control
  152. France to require cleartext passphrase storage
  153. FileVault on case sensitive HFS+
  154. Could Adobe #fail any more?
  155. Is someone at Westpac reading my blog?
  156. Westpac Bank internet security
  157. CSRF, snooping, RequestPolicy for Firefox
  158. Cool uses for RequestPolicy!
  159. The world needs another airport security rant
  160. The bane of unmaintained Windows PCs
  161. A Windows 7 cleaning saga
  162. compromised, with anecdotes
  163. Ned Flanders on Aussie NBN security
  164. Telstra’s Internet and Cyber-safety site thing
  165. Was YouTube just maliciously hacked?
  166. North Korean agents trying to break blogs?
  167. Running Windows on sales terminals… sigh
  168. Personal take on CNET’s iPhone 4G wishlist
  169. Uh oh, Facebook pre-approved third-party sites
  170. Firefox 3.6.2 fixes that zero day exploit thing
  171. Ruben’s biased browser feature table
  172. Fielding beats Ludlam, game over folks
  173. A combination lock USB key?
  174. Bruce Schneier facts, again!
  175. Google Reader constantly logging me out
  176. Shell’s massive data breach loss thing
  177. An OpenSSH epiphany
  178. Probably no Firefox update security loophole…
  179. Catching up on a fortnight of happenings
  180. UniSA virus #fail
  181. Worrying out loud about JavaScript
  182. Running Windows on ATMs
  183. Thoughts on the .net Firefox plugin saga
  184. Firefox 3.0.14 and 3.5.3 announced
  185. Good encrypted disk images on Mac OS X
  186. TACO, Master Password Timeout for Firefox
  187. Credit card fraud on rise, IT security thoughts
  188. Social engineering email attacks are scary
  189. Jesse the JavaScript Worm
  190. Quick lessons for NoScript and Firefox
  191. A privacy and potential security Flash scare
  192. Awesome security and privacy Firefox extensions
  193. Sites that are still using MD5
  194. My feedback for Security Now 181
  195. Initiating SFTP connections with a non standard port
  196. Debian security motivational posers
  197. Windows 7 security not worse than Vista
  198. Moving back to Internet Explorer 8?
  199. is no longer being blocked!
  200. Hong Kong Post Office uses SHA1 not MD5
  201. I probably won’t be using Chrome on Mac (or BSD)
  202. Protect yourself against MD5 certificates
  203. A refreshed Windows disgust rant!
  204. Servage hacking, Rubenerd blocking update
  205. and Servage have just been blocked
  206. Stop blaming Microsoft for cybersecurity woes?
  207. The Adobe Flash of the comments world
  208. Only one problem with strong encryption
  209. Recover forgotten passwords in Camino
  210. Just ordered a Yubikey
  211. VIM security note for FreeBSD folks
  212. My favourite free Windows 2000 security tools
  213. A philosophical security question
  214. Dodgy Windows virus scanner on FreeBSD!
  215. No LockerGnome, I now block you
  216. Leopard sudo isn’t as much fun
  217. How to run Internet Explorer securely?
  218. Scary dubious Javascript evil
  219. Security changes in Mac OS X Leopard
  220. Weird CNET network links
  221. Five things Apple supposedly made up
  222. HSBC Doesn’t Like Camino!
  223. Guess I Should Run Software Update More Often!
  224. Security Now! Feedback