Tag: HTTPS

A couple of months I wrote here about HTTPS and website security from a user standpoint. I need to add to that because bad guys can also use the digital certificates that make browsers show green padlocks or avoid notices about unencrypted sites. The issue here is that the certificate that lets a site use […]

Someone from a major aerospace manufacturer asked me for some cybersecurity assistance a few months ago. A security audit had resulted in a worrying but mystifying warning about SSL certificates. Their secure web site would cease functioning in just a few days. We fixed that, but similar deadlines are approaching over the next two years […]

Why would you want to build a Linux kernel? Maybe you realize that there’s a local root exploit possible on your kernel version. Maybe you want to take advantage of improved storage performance or extended network capability. Maybe you need a very specific kernel version to support a combination of your motherboard hardware plus network […]

We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important, hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]

If you’ve been reading this blog for even a little while you might think I am obsessed with encryption and authentication (especially passwords). You’d probably be right, even though I am not under the illusion that either is any type of panacea. You’d probably guess that I’d be excited that the Electronic Frontier Foundation (EFF) […]