I received this email at 1:15 this morning: When I saw it this morning, I was confused. I have never before received an email from “loyaltygateway.com”, and I was asleep at 1:15am, not placing an “order” to be confirmed by this email as its subject implies. It sure looks like spam, right? Well, it turns… Read More »
Recently our toaster broke, and although we have a “spare” toaster (long story), my wife and the kids all hate it and insisted that we replace the broken toaster, which they apparently absolutely adored, with a new one of exactly the same model. The old toaster had an unfortunate habit of its feet falling off… Read More »
In my current job, we are evaluating Datadog as the repository for the metrics and logs being generated by our SaaS application, which is hosted in AWS. We have taken a security-first approach in our design for the AWS accounts and infrastructure surrounding our app, which means among other things that we are not allowing… Read More »
Check out https://blog.kamens.us/head-to-head-comparison-of-password-managers-with-interactive-grid/.
I’ve just finished yet another iteration of the tooling I use to prevent myself from walking away from my desk without my YubiKey, which I previously described here. I’ve decided at this point it is time to release the code somewhere a bit more robustly than in a blog posting, so I’ve published it on GitHub.… Read More »
Generating pointless alerts that users can’t do anything about decreases security for everyone.
In late 2015, 15 million T-Mobile customers learned that they had been victims of a two-year security breach at Experian. Since then, the 150-million victim Equifax breach has made the Experian breach look kind of puny, but at the time it became public it was a Big [expletive] Deal. Of course, a class-action lawsuit was… Read More »
[This is obsolete. My improved code is now in GitHub.] [The technique in this article supersedes my earlier “How I remember my YubiKey, take two” how-to; I explain at the bottom of this article what was wrong with my earlier technique and why this new technique is better.] I’ve recently started using a YubiKey NEO… Read More »
Either Micro Center endangers its customers when reselling returned computers, or it enforces stupid, arbitrary policies which benefit no one. Which is it?
I reported a web site security hole to CVS three different ways. They fixed the hole, but they couldn’t be bothered to acknowledge any of my reports. This is not OK.