I've recently seen a number of people recommending that I use various third-party DNS resolvers - Cloudflare, OpenDNS etc. One problem I've encountered with using some of these DNS servers is that they're set up for the North American...
Our thinking
Really good advice on passwords from Microsoft
Microsoft have published a white paper, Microsoft Password Guidance, that contains some very good advice on what passwords need to be to be secure against modern password attacks, and also shoots down some very long-held beliefs about the benefits of...
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5 Basically $EVIL_HACKER issues a pull request against a large number of open source git repos of popular npm...
How the Meltdown and Spectre exploits work in layman’s terms
Thanks to Joe Fitz (Twitter: @securelyfitz) who has written a relatively easy to understand overview about how the recent #meltdown and #spectre bugs work in layman's terms: https://twitter.com/securelyfitz/status/949004862968143873 Let's say you go to a library that has a 'special collection'...
Deep dive into Apple’s recent High Sierra root authentication issue
Over on the highly-technical, and very informative, Objective-See blog, there is a great in-depth writeup on Apple's recent High Sierra root access bug. Why <blank> Gets You Root What is happening is if you try to log in as a...
How To Enable 2 Factor Authentication on your iCloud Account
Apple now have enabled 2 factor verification for iCloud - 2 factor means you need two things, such as a password and a code sent to your phone, to access your account. Enabling 2 factor authentication also means that your...
Remote root (?) exploit in Retrospect 8 for Mac OS X
So, you have to cut Retrospect a little slack, it's been passed around like a hot potato recently and has just found a home at Roxio now that EMC have washed their hands of it. The interface for the new...
E-mail Download Issue in Entourage With Exchange 2007 on Windows 2008
I encountered an issue with a client today where there were emails missing from their inbox in Entourage, yet when the user viewed their inbox in either Outlook Web Access, or used Citrix to view their inbox in Outlook, all...
Crypto Flaws
Over on Bruce Schneier's Blog, there's some interesting discussion about some attacks on AES encryption that have recently come to light. It's all highly theoretical at this stage, and the attacks require some very specific initial conditions to be set,...