On Monday this week, Brian Krebs broke a story [https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/] that the NSA had discovered a critical flaw in Microsoft Windows software responsible for core security functions including, among other responsibilities, verifying the identity of other computers on local networks and the internet as well…
How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security [https://user-images.githubusercontent.com/326990/28650249-715b8460-7248-11e7-993f-38e56cc56022.png] -------------------------------------------------------------------------------- Update I'll give this a proper update in the coming days, but much of this post is no longer needed. First class support for native VMs and…
This is a write-up from an incident in 2015, but many lessons still apply today. > Only 10 out of 55 anti-virus engines detected the malware, and those that missed it include some major players: Microsoft, TrendMicro, Symantec, Kaspersky, FProt, Bit Defender, Comodo, Fortinet and Sophos. The only two major…
This is a barebones, simple LetsEncrypt cron job shell script to auto-refresh TLS (or SSL v 4 if you prefer) certificates. If you host your own site, the easiest solution is probably to run a Caddy [https://caddyserver.com/] web server and let it do the heavy lifting. But if…
I'm an odd duck. My formal training is in computational neuroscience & clinical research, specifically around signal and image analysis, using machine learning for real-time classification and pattern recognition. Besides my research, much of my energy for the past several years has been focused on networks, public cloud…