Assault on the Hash (or how to make secure your passwords)

In a recent episode of Build & Analyze, Marco Arment (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*. The solution: use bcrypt.

How To Use Your iPhone to Stalk Yourself

It looks like the privacy hippies were finally right about something: your mobile phone really is a pocket-sized tracking device. Turns out that as of iOS 4.0, iPhones have been tracking your physical movements and logging them along with the phone's backups. A small team of researchers has discovered these logs in iTunes' backup

Facebook Security Still Lacking

In October I blogged about Firesheep, a Firefox plugin that highlights the inherent vulnerabilities in the way that Facebook and other websites handle sessions. TL;DR - Install the extension and with a click of a button you can capture unencrypted Facebook sessions of any user using a WiFi network you're connected to (read the full post

Facebook Now More Secure

In a blog post today Facebook detailed some of their new security improvements: Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist