Stealing Your Address Book by Dustin Curtis
february 2012 by fjordaan
I can't think of a rational reason for why Apple has not placed any protections on Address Book in iOS. It makes no sense. It is a breach of my privacy, and it has allowed every app I've installed to steal my address book.
apple
ios
iphone
privacy
security
dustin
curtis
address
book
contacts
path
from twitter_favs
Travel Gear for the Globe Trotting Geeks
november 2011 by fjordaan
65,000 km a month is my current travel routine with my international engineering firm, Spec Ops Technology. In my past there was formidable travel, but it always was within the continental US which removed some of the complexities in life. With the crossing of borders the type of equipment you need changes dramatically. Below are some of my favorite items to carry that have saved me numerous times. In a later post I will cover the software and mobile applications that I use on all this stuff.
travel
geek
laptop
encryption
sync
security
hardware
rugged
Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing
november 2011 by fjordaan
Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
erase
security
software
wipe
hdd
clean
nuke
disk
GRC's | Password Haystacks: How Well Hidden is Your Needle?
august 2011 by fjordaan
And here's the key insight of this page, and “Password Padding”:
Once an exhaustive password search begins,
the most important factor is password length!
password
privacy
security
grc
haystack
strength
length
padding
Troy Hunt: I’m sorry, but were you actually trying to remember your comical passwords?
august 2011 by fjordaan
It’s not about memory; it’s about the ability to retrieve
debunk
password
security
xkcd
memory
remember
How To Safely Store A Password | codahale.com
july 2011 by fjordaan
Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}? These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.
encryption
password
passwords
security
bcrypt
hash
md5
sha1
Hotspot Shield
june 2011 by fjordaan
Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP’s, from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. Hotspot Shield security application is free to download, employs the latest VPN technology, and is easy to install and use.
proxy
security
wifi
hotspot
shield
anonymise
vpn
Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else | WordPress, Multisite and BuddyPress plugins, themes, news and help – WPMU.org
january 2011 by fjordaan
A few months ago I wrote about WordPress Security. Now, armed only with the words “free WordPress themes,” builtBackwards’ Theme Authenticity Checker Plugin and Donncha O Caoimh’s Exploit Scanner, I’m going to take a look through the first page of Google to see just how safe pages ranking for “Free WordPress Themes” are.
google
security
themes
wordpress
free
spam
Schneier on Security: Close the Washington Monument
january 2011 by fjordaan
Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there's no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.
fear
government
politics
security
terrorism
schneier
washington
monument
ACCU/Bletchley Park Security Conference 2010 | 4DC5
november 2010 by fjordaan
ACCU holds an annual one-day security conference to raise money for the Bletchley Park Trust and The National Museum of Computing. The conference this year took place on 2010-11-06, and included four eminent speakers in the field of security: Andy Clark, David Khan, Whitfield Diffie and Bruce Schneier.
accu
bletchleypark
conference
security
#accubp2010
#ACCUbletchleypark
accubp2010
ACCUbletchleypark
Security major strops over MS free scanner auto-downloads • The Register
november 2010 by fjordaan
Trend Micro has cried foul over plans by Microsoft to offer its Security Essentials freebie scanner as an automatic download.
trendmicro
antivirus
microsoft
ms
security
Critical Fixes for Shockwave, Firefox — Krebs on Security
november 2010 by fjordaan
I believe I whined about this earlier but still I’m so irritated I’m going to do it again. Where the hell do those [expletive deleted] at Adobe get off trying to get paid while patching their garbage software? How could they think it’s appropriate to hoist pay-per-install toolbars and trash onto the backs of these critical updates.
shockwave
firefox
adobe
security
toolbars
plugins
updates
comment
sneaky
Google Releases Impressive Documentation of OpenID Implementation | Not So Relevant
november 2010 by fjordaan
Today Google released a demo site – it is a store – and accompanying material like videos, tutorials, and best practices that provide detailed explanations on how to become a relying party, match an existing user base with OpenID, and much more. Eric Sachs, product manager, Google Security, announced this on the OpenID mailing list today.
openid
store
ecommerce
bestpractice
ericsachs
google
security
demo
login
upgrade
Schneier on Security: In Praise of Security Theater
august 2010 by fjordaan
But to write off security theater completely is to ignore the feeling of security. And as long as people are involved with security trade-offs, that's never going to work.
bruceschneier
schneier
security
theatre
baby
infant
rfid
Some People Can’t Read URLs « Not The User’s Fault
march 2010 by fjordaan
People using the Web without understanding URLs are quite literally putting themselves in danger, just as if they went out driving on the road without understanding how to read road signs.
facebook
security
url
usability
mozilla
jono
urls
user
tutorial
danger
Thinking About Security : Microsoft’s Many Eyeballs and the Security Development Lifecycle
february 2010 by fjordaan
Hope is not a security strategy. By contrast, the Security Development Lifecycle is a proven strategy. The many eyeballs argument is neat, tidy, compelling, and wrong.
microsoft
code
review
oss
opensource
security
eyeballs
shawnherman
sdl
raymond
Light Blue Touchpaper » Blog Archive » How online card security fails
january 2010 by fjordaan
In a paper I’m presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it’s becoming a fat target for phishing. So why did it succeed in the marketplace?
3d-secure
verifedbyvisa
verified
visa
security
paper
Would You Have Spotted the Fraud? — Krebs on Security
january 2010 by fjordaan
Pictured below is what’s known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution.
atm
skimmer
fraud
banking
crime
security
Main - browsersec - Browser Security Handbook landing page - Google Code
february 2009 by fjordaan
This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
netvouzimported
netvouzpublic
browser
google
guide
handbook
manual
security
NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction
august 2008 by fjordaan
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
netvouzimported
netvouzpublic
add-on
block
browser
firefox
javascript
noscript
plugin
safety
security
Automatic Patch-Based Exploit Generation
may 2008 by fjordaan
Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it. Thus, Microsoft should redesign Windows Update. We propose solutions which prevent several possible schemes, some of which could be done with existing technology.
netvouzimported
netvouzpublic
automatic
exploit
generation
hack
infosec
microsoft
patch
security
update
windows
worm
My Wonderful Trip To South Africa That Didn’t Happen Thanks To The TSA And Delta Airlines | NetStumbler.com
march 2008 by fjordaan
I think that everyone should know about some of the horrible things happening at San Diego International Airport and with Delta Airlines. I wrote this immediately after the events that transpired so that I would have an accurate log.
netvouzimported
netvouzpublic
airlines
airport
delta
security
tsa
Browser Security Test
november 2007 by fjordaan
Careful! The test will try to crash your browser! Close all other browser windows before starting and bookmark this page. If your browser crashes during the test, restart it and return to this page. It will show which vulnerability crashed your browser and offer you to continue the test or view the results.
netvouzimported
netvouzpublic
browser
drive-by
scanit
security
test
vulnerability
Light Blue Touchpaper
november 2007 by fjordaan
Security Research, Computer Laboratory, University of Cambridge
netvouzimported
netvouzpublic
blog
cambridge
murdoch
research
security
steven
wordpress