My $169 development Chromebook

How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security Backstory In the last year while talking to respected security-focused engineers & developers, I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example,…

A day in the life of a nasty Word Malware

This is a write-up from an incident in 2015, but many lessons still apply today. Only 10 out of 55 anti-virus engines detected the malware, and those that missed it include some major players: Microsoft, TrendMicro, Symantec, Kaspersky, FProt, Bit Defender, Comodo, Fortinet and Sophos. The only two major vendors…

Barebones LetsEncrypt cron job

This is a barebones, simple LetsEncrypt cron job shell script to auto-refresh TLS (or SSL v 4 if you prefer) certificates. If you host your own site, the easiest solution is probably to run a Caddy web server and let it do the heavy lifting. But if you need a…