cyber security

Protecting Sites When Using CloudFlare's CNAME Setup

In my current job I work with a number of clients who want CloudFlare in front of their sites, but are unable or unwilling to make CloudFlare their authoritative DNS provider. CloudFlare supports this through something they call CNAME Setup. Basically, every subdomain you’d like protected by CloudFlare is configured with a CNAME record in your authoritative DNS that points to a CloudFlare subdomain, which then routes through CloudFlare to your site.

No, Fingerprint Login Isn't "Better than Nothing"

This week we learned that 5.6 million people’s fingerprints were part of the stolen data from OPM earlier this year. Samsung and HTC have come under fire for their (atrocious) implementation of fingerprint authentication that left fingerprint data unprotected on users’ devices. Apple’s Touch ID is arguably the most secure (and widely used) consumer fingerprint authentication system, but even it has flaws that have been exploited. There’s no such thing as bugless or unhackable software.

The Case Against Encrypted Text Messaging

Yes, you read that title correctly. I, of all people, am advocating against increased security measures for texting. Before we go any further, I want to be clear that I am 100% in favor of encrypted messaging. Let’s put encryption everywhere we can, and lots of it. Lest we forget, this site uses full-time TLS and there isn’t even sensitive data being passed back and forth. There’s a caveat to my security gusto, however: do it right, or don’t bother.

CISPA Passed the House, Now We Need to Fight it in The Senate

Earlier today the House of Representatives voted to pass CISPA. While this is certainly an unfortunate and disappointing outcome, CISPA is far from becoming law. The bill now heads to the Senate, so once again we’ll need to rally together to defeat this onerous legislation. The Electronic Frontier Foundation set up a bunch of great tools for fighting CISPA with the House, and I’m sure it’s only a matter of time before they do the same for the Senate.

Do Your Part to Oppose CISPA

The Cyber Intelligence Sharing and Protection Act, more commonly known as CISPA, is scheduled to go to the House floor for a vote as early as this afternoon. CISPA would broaden and streamline the sharing of internet traffic information between the federal government and technology providers and manufacturers, without safeguards for personal privacy protection. It endangers the free and open Internet, and if passed could have significant negative impacts on free speech, innovation and even the security of the very infrastructure it’s supposed to protect.

Open Wireless Movement: Why You Should Join

Let’s face it: these days it’s pretty tough to get things done without the Internet. Most people have at least one computer, and an increasing number of people have smartphones and tablets. Most of these devices become pretty useless without Internet connectivity, yet despite the massive proliferation of Wi-Fi and 3G/4G, it can be difficult to find wireless access outside of your usual stomping grounds - especially if you don’t have a data plan with a cell carrier.

Social Engineering & Cyber Security: What Military Leaders Should Take from Kevin Mitnick's Presentation

Kevin Mitnick, the infamous hacker and social engineer turned security consultant, gave a presentation at this year’s History Conference at the Naval Academy today. He gave numerous examples of extracting information from people and companies by using their own trust and knowledge against them. His demonstrations likely startled many of the audience members with the range of methodologies and, more importantly, the success rate. Some may look at the seemingly endless list of ways attackers can obtain what they’re looking for and throw their hands up in despair.

The DNSChanger Worm and You

A couple of years ago some hackers started distributing a quirky little virus that would change the DNS servers your computer uses. The people responsible were located by the FBI and their data gathering system was terminated. Despite this you could still be infected, and affected, by the virus. For those unaware, DNS stands for Domain Name Service, and is the system that tells your computer where a web address is located.

How To Configure Your Yubikey for Maximum Usefulness & Security

For many months I’ve been using a Yubikey as a staple of my cyber security plan. It makes me exponentially more secure and at the same time makes it easier for me to stay secure. The only part of it that isn’t drop-dead simple is the configuration, though even that isn’t very difficult. I’m going to show you step by step how to configure your Yubikey to get the most out of it and set yourself up for success.

LastPass Now Supports Google Authenticator

LastPass, my password manager of choice, has added support for Google Authenticator as a method of two-factor authentication. For those unfamiliar, Google added two-factor authentication support earlier this year, a component of which is a mobile app that generates a random 6-digit string that refreshes every 30 seconds. The app is free, and you simply scan a QR code to configure it. While I use Google Authenticator with my Google accounts, I haven’t yet tried it with LastPass since I use a Yubikey.