I've just been looking at a nice new tool called sysdig, which seems to be really useful for analysing and troubleshooting on production systems. There's a great blog post by Gianluca Borello, detailing how he set up a number of honey-pot servers with poor passwords, and then captured system activity with sysdig, showing exactly how … Continue reading Sysdig – A general purpose system capture and analysis tool
An excellent and informing interview with the founder of the Lavabit email service, who was recently involved in a legal case with the FBI, who attempted to force him to hand over SSL encryption keys. This was of course the email service used by Edward Snowden, so attracted a lot of attention. There's some really … Continue reading Interesting Interview With Ladar Levison of Lavabit
There's a new piece of ransomware in the wild, called Cryptolocker. It's a nasty piece of software that uses public/private keypairs to background encrypt all your documents and files, and then helpfully let you know it has done it. Then - you will be asked to pay $300/€300 to unlock your files. If you don't, … Continue reading Cryptolocker – Seriously Problematic Ransomware
Distruptive technologies ocassionally come along which can make a big difference in computing. Something in the early days which I heard about last week was the SQRL authentication proposal by Steve Gibson. This proposal aims to address the extremely big problem of user and password authentication across the internet. This is a huge and annoying … Continue reading SQRL (Squirrel) Authentication – Bye bye usernames and passwords?
Do you have an Android phone? Some interesting news I read this week was that an innocuous (on by default) setting on Android phones can save your Wifi passwords on Google's servers. It also backs up all your app settings, bookmarks and so on. This isn't that worrying - it could be considered a useful … Continue reading Google’s Password Storage Database
Is it a crisis? The latest news from the NSA snooping debacle suggests it is. If they have the means to deliberately insert vulnerabilities into well known encryption standards and circumvent others, then what were previously thought to be secure connections, to banks, email providers and search engines, may not be anymore. Bruce Schneier issued … Continue reading Engineering Around The Privacy Crisis