Lessons from Meltdown and Spectre — and how to stay safe in the world of uncertainty
by Gene Shablygin, on Tue 09 January 2018
You never know what kind of data can be accessed in a new vulnerability, so the only reasonable assumption is that any data in your program, database or file is vulnerable.
This New Year’s resolution? Dropping usernames & passwords.
by Gene Shablygin, on Mon 08 January 2018
Passwords are insecure, and we need to get rid of them. But usernames, which are often overlooked, are downright dangerous.
Did we really learn anything from the Equifax data breach?
by Perry Chaffee, on Wed 20 December 2017
If a company says it "protects" your data with usernames and passwords, they basically hate you and are complicit in helping hackers steal your data (and your identity). Yes, I said it. They hate you. Human readable credentials, like those exposed with Equifax, must not continue to be used as identification for any purpose. I see it over and over - the only thing companies are telling us to do is the same thing that they were suggesting five or six years ago, and that’s to make our passwords more complex. Usernames and passwords are obsolete and we must consider them ALL compromised whether we know it yet or not. So what can you do?
4 ideas about securing user data in web applications
by WWPass, on Tue 21 November 2017
In the modern world, more and more applications move to the cloud, or to be more specific, to somebody else's servers. A common solution nowadays is to make an application a web service, accessible from any modern browser. This solution has its upsides and downsides. One of the downsides is that the way your data is read, modified and stored is not under your direct control. Problems with data security, accessibility, integrity or unauthorized access may lead to huge losses for the data owner, either financial, reputational or emotional. The web service provider usually cares about the data up to the price users pay for the service, plus some reputational costs, but that's still less than the value the users have to pay when their data is lost or compromised. This can be mitigated in various ways.
iPhone X's facial recognition: What could go wrong?
by Perry Chaffee, on Thu 16 November 2017
The annual Apple event is possibly one of the most anticipated technology events throughout the world. This year, the company revealed its iPhone X – one of the most advanced phones on the market, but what wasn’t so great about it? The facial recognition technology, and I’m not talking about the work Apple put into the phone to ensure a printout of your face won’t unlock the phone. Biometrics as a first authentication factor looks cool in movies, but in actuality opens up more vulnerabilities.
Single Sign On Solutions and How They Make You Vulnerable
by Brian Kelley, on Wed 16 August 2017
Single sign-on could be the closest thing we have to an authoritative and universal passport, both for your local device and the internet in general. But authentication that excludes intruders and also proves the user's identity is still an area that stops most SSO solutions from ever getting it completely right.