Tag: security
-
SQRL Poised To Save Us From Password Hell
A few times every decade we get to witness the emergence of a truly revolutionary back-end technology breakthrough. I recall following OpenID in the mid-00’s, reading some of the early discussion groups and blog posts, eventually watching it become supplanted by OAuth, which would go on to drastically simplify the way most people log in…
-
DIY Internet: More on personal VPNs
A few follow-up thoughts regarding Monday’s post about setting up a personal VPN. Self-Sufficient, DIY Internet: All the Facebook Cambridge Analytica nonsense has really emphasized how dependent we have become on third-party services and social networks. As I thought about it, the idea of being self-sufficient online has really started to appeal to me.…
-
How to: Set Up A Personal VPN
Skill Level, Novice: To set this up you’ll want to be mildly comfortable with the command-line. But you won’t necessarily need to know (or care) about the technologies involved. Way back in 2010, Firesheep scared my pants off. I was traveling for work when it dropped and I became acutely aware of just how vulnerable my…
-
Huge Vulnerability in WordPress 4.8
Anthony Ferrara discovered a significant security vulnerability and an even more fundamental security flaw in WordPress. The correct fix is to ditch this whole prepare mechanism (which returns a string SQL query). Do what basically everyone else does and return a statement/query object or execute the query directly. That way you can’t double-prepare a string.…
-
Facebook Security Force
A neat little tidbit about Facebook security in this post from The Verge. Good Guy Facebook proactively scans lists of hijacked accounts and warns users if they appear on one of these lists. Facebook cross-references credential dumps with its entire database of user credentials, then alerts any users that match to change their passwords.…