In my current job, we are evaluating Datadog as the repository for the metrics and logs being generated by our SaaS application, which is hosted in AWS. We have taken a security-first approach in our design for the AWS accounts and infrastructure surrounding our app, which means among other things that we are not allowing…
Check out https://blog.kamens.us/head-to-head-comparison-of-password-managers-with-interactive-grid/.
I’ve just finished yet another iteration of the tooling I use to prevent myself from walking away from my desk without my YubiKey, which I previously described here. I’ve decided at this point it is time to release the code somewhere a bit more robust than a blog posting, so I’ve published it on GitHub.…
Generating pointless alerts that users can’t do anything about decreases security for everyone.
In late 2015, 15 million T-Mobile customers learned that they had been victims of a two-year security breach at Experian. Since then, the 150-million victim Equifax breach has made the Experian breach look kind of puny, but at the time it became public it was a Big [expletive] Deal. Of course, a class-action lawsuit was…
[This is obsolete. My improved code is now in GitHub.] [The technique in this article supersedes my earlier “How I remember my YubiKey, take two” how-to; I explain at the bottom of this article what was wrong with my earlier technique and why this new technique is better.] I’ve recently started using a YubiKey NEO…
Either Micro Center endangers its customers when reselling returned computers, or it enforces stupid, arbitrary policies which benefit no one. Which is it?
I reported a web site security hole to CVS three different ways. They fixed the hole, but they couldn’t be bothered to acknowledge any of my reports. This is not OK.
How I avoid forgetting my YubiKey at work or at home using Tasker and AutoNotification from João Dias on Android, and systemd, udev and Notify from Kevin Bedi on Linux.
Early on November 21, 2018, I along with an undetermined number of other Amazon customers received the following email from Amazon: This breach notification lacked most of the information expected to be included in a breach notification from any reputable company, including: How was the information disclosed? For how long was the information accessible? How…