Mostly online security, but also related to identity theft and protection, personal and home security and maybe even financial security.

Posts in the Security category
Local Docker Port Exposed - 06 Nov 2020

If you’re using Docker with ufw (Ubuntu Firewall), your local ports may be exposed to the outside world. I recently read about this issue and when I checked, sure enough, the local ports of all of my Docker containers were readily accessible. It felt like being caught with my fly down. Why in the world […]

How Secure Are Password Managers? - 24 Aug 2018

The idea of a password manager can seem insecure initially, because it means that a single password will reveal the gleaming treasure of all your passwords. But using a password manager is the recommendation of experts. And if you use the same password everywhere, like many folks do, all of your passwords would be exposed […]

Don’t Use SHA-1 for SSL Certificates - 07 Nov 2014

This week I helped a client re-key their SSL certificate due to having lost the private key. In the process, I was given the option to use SHA-1 or SHA-2. I figured 2 is better than 1, but then I read up on how SHA-1 is gradually being phased out in Google Chrome because it’s […]

How to Get an A+ on SSL Labs Report - 14 Aug 2014

As a follow-up to my post on cheap SSL certificates, I learned that the certificate wasn’t the reason I was getting an A- on the Qualys SSL Labs test. But after a few configuration changes, I achieved the coveted A+ grade. First, find out your current grade by entering your web site here. If […]

Cheap SSL Certificate For Single Domains - 09 Apr 2014

First off, if you already run an SSL-enabled server, update your SSL certificates immediately. You can use this tool to see if your site is vulnerable to HeartBleed, a serious issue in OpenSSL. If you want to enable SSL for your web site or to spend less for your SSL certificates, read on. There are […]

Generate QR Codes For Google Authenticator - 10 Feb 2014

Every time I switch to a new cell phone I’ve had to disable 2-factor authentication on all my accounts in order to set them up on the new device. I just switched again and decided to make it easier. I had previously saved the secret keys for the various accounts in a secure location for […]

Keyloggers and How They Work - 04 Sep 2012

If you use a computer with a keylogger, your privacy is severely compromised. This screencast shows you two free keyloggers and how they work, as well as some tips on how to protect yourself. I demo Hooker (careful searching for that phrase…) and pyKeylogger.

Watch TED Talks in High Definition - 19 Jul 2011

While reading this reddit post about Mikko Hypponen’s TED talk, I concluded that some users either had incredible visual acuity or they were watching the video at a higher resolution than me. Then Mikko posted a comment recommending we watch it in HD. I looked around for a link to the high res version for […]

Identity Theft and Password Security - 09 Jun 2010

Here’s a cool infographic discussing the stats around identity theft and passwords. Via: Online MBA

Another Phishing Test - 08 Apr 2009

It’s been almost five years since I linked to a phishing test that measured your ability to distinguish between valid and fraudulent emails. Phishing is still a problem, perhaps even more so now. Browsers and web mail services try to filter out or at least notify you of a potential phishing scam, but fraudsters continue […]

Do You Really Have Any Online Privacy? - 01 Mar 2009

The recent Facebook terms of service changes and consequent complaints made me wonder how much privacy really exists if you’re active online. Starting with just a name, sites like 123People, Pipl and Zabasearch can find a phone number, photos, a street address, age, and other social networks like Facebook, LinkedIn or MySpace. With only a […]

No Longer Safe to Write Personal Checks? - 25 Nov 2008

Don Knuth has decided he can no longer write checks after being forced to close three checking accounts after they were subjected to multiple attacks by criminals. He says the way checks work is fundamentally broken. With the information on a check, a criminal can create an ATM card, impersonate a bank in another country […]

Wireless Security Alert – Use AES - 07 Nov 2008

If you have a wireless network using WPA, read this. A PhD candidate recently discovered a way to compromise a wireless network using WPA. Fortunately, the attack only works against TKIP (the default from what I’ve seen). The fix is to switch to AES encryption, usually the second option when you’re configuring WPA. I had […]

Monitor Disk Activity in Windows - 20 May 2008

I’ve had no trouble finding processor, memory and network monitoring tools on Windows. Process Explorer from SysInternals does a great job of showing processor and memory use (overall and for each process) and NetStat Live displays incoming and outgoing network traffic. The only thing missing was an easy way to see what processes were using […]