Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000

If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…

The war we try to ignore

As information security professionals, our goal is to protect information against attacks on confidentiality, integrity and availability. Today, I want to talk about integrity of…

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the…

Things to worry about in 2019

In this post, I wanted to take a break from telling you what *I* think the things that should keep you awake at night (at…

Something’s not quite right…

Apparently, I am a man ahead of my time. While I have always sensed that there is something not quite right about the universe, scientists…

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. …

E.U. software bug bounties for open source software 👍

Here is a great example of how international cooperation can make the Internet more secure for us all… the European Union has announced “bug bounty”…

Not all two factor authentication is created equal

Two factor authentication is an important security tool; with 2FA, an attacker who gets ahold of your user name and password still can’t get into…

Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did. According to a study by…

The (not paranoid enough) Android

The train wreck that is Android security continues… A new strain of malware found in China by security firm Wandera has the following charming characteristics,…
