Generating pointless alerts that users can’t do anything about decreases security for everyone.
In late 2015, 15 million T-Mobile customers learned that they had been victims of a two-year security breach at Experian. Since then, the 150-million victim Equifax breach has made the Experian breach look kind of puny, but at the time it became public it was a Big [expletive] Deal. Of course, a class-action lawsuit was… Read More »
[The technique in this article supersedes my earlier “How I remember my YubiKey, take two” how-to; I explain at the bottom of this article what was wrong with my earlier technique and why this new technique is better.] I’ve recently started using a YubiKey NEO for two-factor authentication for sites that support it.1 Because I… Read More »
Either Micro Center endangers its customers when reselling returned computers, or it enforces stupid, arbitrary policies which benefit no one. Which is it?
I reported a web site security hole to CVS three different ways. They fixed the hole, but they couldn’t be bothered to acknowledge any of my reports. This is not OK.
How I avoid forgetting my YubiKey at work or at home using Tasker and AutoNotification from João Dias on Android, and systemd, udev and Notify from Kevin Bedi on Linux.
Early on November 21, 2018, I along with an undetermined number of other Amazon customers received the following email from Amazon: This breach notification lacked most of the information expected to be included in a breach notification from any reputable company, including: How was the information disclosed? For how long was the information accessible? How… Read More »
TL;DR After less than 24 hours of using the “Cash App” from Square, I conclude that the people who built, maintain, and support the app are incompetent, and it has therefore earned on my list of apps and services I will never use again. I have removed the app from my phone, and if anyone… Read More »
You know how sometimes you encounter something that is so terrible and appalling that you feel you just have to tell other people about it? Well, for me, today is one of those days. But look, I’m a nerd who writes email software and likes to write raw HTML. If the terms “SMTP” and “MIME”… Read More »
[The technique described here is obsolete. Please see this update.] I’ve recently started using a YubiKey NEO for two-factor authentication for sites that support it.1 Because I am using my YubiKey for more and more sites, I tend to leave it plugged in whenever I am in front of a computer for an extended period… Read More »