Recently our toaster broke, and although we have a “spare” toaster (long story), my wife and the kids all hate it and insisted that we replace the broken toaster, which they apparently absolutely adored, with a new one of exactly the same model. The old toaster had an unfortunate habit of its feet falling off… Read More »
In my current job, we are evaluating Datadog as the repository for the metrics and logs being generated by our SaaS application, which is hosted in AWS. We have taken a security-first approach in our design for the AWS accounts and infrastructure surrounding our app, which means among other things that we are not allowing… Read More »
Check out https://blog.kamens.us/head-to-head-comparison-of-password-managers-with-interactive-grid/.
I’ve just finished yet another iteration of the tooling I use to prevent myself from walking away from my desk without my YubiKey, which I previously described here. I’ve decided at this point it time to release the code somewhere a bit more robustly than in a blog posting, so I’ve published it on Github.… Read More »
Generating pointless alerts that users can’t do anything about decreases security for everyone.
In late 2015, 15 million T-Mobile customers learned that they had been victims of a two-year security breach at Experian. Since then, the 150-million victim Equifax breach has made the Experian breach look kind of puny, but at the time it became public it was a Big [expletive] Deal. Of course, a class-action lawsuit was… Read More »
[This is obsolete. My improved code is now in Github.] [The technique in this article supersedes my earlier “How I remember my YubiKey, take two” how-to; I explain at the bottom of this article what was wrong with my earlier technique and why this new technique is better.] I’ve recently started using a YubiKey NEO… Read More »
Either Micro Center endangers its customers when reselling returned computers, or it enforces stupid, arbitrary policies which benefit no one. Which is it?
I reported a web site security hole to CVS three different ways. They fixed the hole, but they couldn’t be bothered to acknowledge any of my reports. This is not OK.
How I avoid forgetting my YubiKey at work or at home using Tasker and AutoNotification from João Dias on Android, and systemd, udev and Notify from Kevin Bedi on Linux.