Microsoft's Chain of Fools

On Monday this week, Brian Krebs broke a story [https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/] that the NSA had discovered a critical flaw in Microsoft Windows software responsible for core security functions including, among other responsibilities, verifying the identity of other computers on local networks and the internet as well…

My $169 development Chromebook

How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security

Update: I'll give this a proper update in the coming days, but much of this post is no longer needed. First class support for native VMs and…

A day in the life of a nasty Word Malware

This is a write-up from an incident in 2015, but many lessons still apply today.

> Only 10 out of 55 anti-virus engines detected the malware, and those that missed it include some major players: Microsoft, TrendMicro, Symantec, Kaspersky, FProt, Bit Defender, Comodo, Fortinet and Sophos. The only two major…

Barebones LetsEncrypt cron job

This is a barebones, simple LetsEncrypt cron job shell script to auto-refresh TLS (or SSL v 4 if you prefer) certificates. If you host your own site, the easiest solution is probably to run a Caddy [https://caddyserver.com/] web server and let it do the heavy lifting. But if…

About

I'm an odd duck. My formal training is in computational neuroscience & clinical research, specifically around signal and image analysis, using machine learning for real-time classification and pattern recognition. Besides my research, much of my energy for the past several years has been focused on networks, public cloud…