The Brave Web Browser: Faster and More Secure
It is a Brave new (browser) world out there. Almost since the start of the World Wide Web, users have had different preferences for how to access it. Some like Firefox, some Safari, some Chrome, some Opera, some… You get the picture. The “browser wars” ebb and flow in intensity. A relatively new […]
What is Credential Stuffing and Why Should I Care?
You should know by now that using common passwords is a bad idea. And you may have heard of recent password breaches and that you should change passwords on breached sites. But there is an additional threat: credential stuffing. Whenever there is a breach where usernames or email addresses are disclosed and can be matched […]
A Cyber Security Income Opportunity: Freelance Bug Finder
I recently wrote about the Cyber Security Staffing Shortage, and how it meant good things for those interested in careers in cyber security. Here is another – potentially quite lucrative – opportunity: bounty hunter. I’m not talking about the bounty hunters you see in movies or television shows, though. I’m talking about bug finders. You […]
What Is Web Metadata Encryption and Why Is It Important?
Your data may be encrypted when you use https, but what about your metadata? I wrote about metadata and eavesdropping earlier this year – it is, among other things, the URLs of the websites you visit. If attackers can access this information, they can learn some potentially confidential information about you, and you are unlikely […]
WebAuthn: Toward the End of Passwords On the Web
Frequent readers of this blog will know that I am constantly looking for alternatives to passwords. Some reasons are: they can be shared, so a system cannot tell who the real user is; they can be forgotten; and when stored improperly, they can be leaked. Passwords fall into the single-factor category of “something you know” (the […]