Archive for the ‘Security’ Category

On Perception Of The Cloud

Citrix commissioned an interesting survey to see how people define “the cloud”. Most of the press was focused on: 51 percent of respondents, including a majority of Millennials, believe stormy weather can interfere with cloud computing. Technically weather can cause your internet connection to go down, so yes it does interfere with your access to […]

Another Java Attack

There’s another attack on Java via a new zero day flaw. This is why I don’t keep Java enabled in web browsers anymore. If you still do, I’d suggest turning it off. There’s a good chance you won’t miss it. I’ve yet to get there with Flash, but the day is coming. After the previous […]

iPhone Too Secure From Law Enforcement?

According to the US Department of Justice (DOJ) the iPhone is largely uncrackable at this point: “I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab for the CCIPS division of the Department of Justice, said earlier this month during his […]

CmdrTaco On Data Collection

Rob “CmdrTaco” Malda, (of Slashdot fame), did an IAmA on Reddit. Overall interesting but this particular answer caught my attention. When asked “How do you see a company like Google using the data it collects, and specifically your interest in Google+?”: Data is just data. When I ran Slashdot, I logged everything I practically could […]

UK Wants to MITM SSL Connections to Facebook/Gmail

The UK Government wants ISP’s to record secure transmission of messages with services like Facebook and Gmail, which are currently using SSL. I’d be curious to know how the UK government actually plans to pull this off. To pull that off they’d need to get browsers to include their root certificate so they can MITM […]

Data Driven Lives

We do many things throughout the day. Most of the time we don’t give these things much thought. Often they are repetitive tasks we do every day. Our “routine” we call it. It may be that bathroom break mid-day, or that coffee break. Or might be those n Google searches throughout the day. You might […]

GPS Spoofing Not Far Off

Today’s disturbing technical news goes to… “So far no credible high profile attack has been recorded but we are seeing evidence of basic spoofing, likely carried out by rogue individuals or small groups,” Humphreys explains. “Whilst the leap to more advanced, untraceable spoofing is large, so are the rewards. It’s therefore guaranteed that criminals are […]

On Gatekeeper

Gatekeeper is without question a bold move to prevent malware from impacting Mac OS X, but it will likely turn into a legal and ethical mess. Before I explain why, I’ll give a very high level overview. There are three options: Mac App Store – Only run applications from the Mac App Store. Mac App […]

How To Configure SSL For Apache Securely

I’ve been doing some reading up on best practices for SSL. From what I can gather, and seeing what other big sites are doing this seems to be the best practice as of today. This is assuming you’re in an OpenSSL 0.9.x (via mod_ssl) and Apache2 world, which is the majority of Linux/Unix based environments. […]

Use SSL By Default

Twitter is now the latest site defaulting to HTTPS. Kudos to them. I love seeing the web get more secure, even if it’s one site at a time. If you’ve got a site where login is required, please make sure to use SSL. It’s not that costly anymore. Even this blog uses SSL where necessary. […]