Fraudsters Use Padlocks, Too: More on Certificate Use and Abuse
Jan 29, 2019
A couple of months ago I wrote here about HTTPS and website security from a user standpoint. I need to add to that because bad guys can also use the digital certificates that make browsers show green padlocks or avoid notices about unencrypted sites. The issue here is that the certificate that lets a site use […]
Keep Your Certificates Up To Date
Nov 3, 2017
Someone from a major aerospace manufacturer asked me for some cybersecurity assistance a few months ago. A security audit had resulted in a worrying but mystifying warning about SSL certificates. Their secure web site would cease functioning in just a few days. We fixed that, but similar deadlines are approaching over the next two years […]
Are You Absolutely Certain That You Have The Real Source Code?
Jul 18, 2016
Why would you want to build a Linux kernel? Maybe you realize that there’s a local root exploit possible on your kernel version. Maybe you want to take advantage of improved storage performance or extended network capability. Maybe you need a very specific kernel version to support a combination of your motherboard hardware plus network […]
Skeptical Looks at Cryptography
Mar 22, 2016
We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important; hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]
Let’s Encrypt- What you Need to Know About the EFF’s Initiative
Jan 6, 2015
If you’ve been reading this blog for even a little while you might think I am obsessed with encryption and authentication (especially passwords). You’d probably be right, even though I am not under the illusion that either is any type of panacea. You’d probably guess that I’d be excited that the Electronic Frontier Foundation (EFF) […]