Thursday, December 27, 2018

A band-aid for Twitter's horribly broken security

If you manage a high-value Twitter account, consider creating a second, "burner" account. After enabling multifactor authenticati...
Tuesday, December 4, 2018

The most challenging aspect of security

Ever wondered what is the most challenging aspect to security? It's not understanding the evolving threats and actors. Certainly those a...
Tuesday, August 7, 2018

On teaching kids to make good security and privacy choices themselves

February 10, 2019: Since writing the below post, I've learned of a technique that is used to get around Instagram's obscuring unsoli...
Monday, February 12, 2018

Using malware's own behavior against it

A quick read for a Monday night. Last week while investigating some noisy events in my security monitoring system, I noticed two competing...
Wednesday, January 24, 2018

Seeing isn't believing: the rise of fake porn

The following may be disturbing to readers, but I feel it is important to write for several reasons. The first is, to stay a step ahead of ...
Friday, January 12, 2018

It's W2 scam season

Time for a short Friday afternoon social engineering‍ discussion. If you work in HR / finance / benefits, you'll want to stick with m...
Wednesday, December 20, 2017

A handy trick for proxying HSTS sites in Chrome

TL;DR: Chrome has a nifty undocumented trick that makes proxying so much more useful when testing sites using HSTS or pinned certs: whe...