Tag Archives: security

Amazon backdoor exposed wishlist mailing addresses

There’s an article circulating right now about how Amazon customer service can be exploited to reveal targeted mailing addresses. I discovered and reported a similar vulnerability in December of 2014, which was reported to me as fixed in May of 2015. I haven’t publicly documented that process until now. The vulnerability I discovered relates to […]

Limiting JavaScript to secure origins in Firefox

I’m a Firefox user, but I was very interested to read Chris Palmer’s guide to privacy and security settings in Chrome. One thing he did that really intrigued me was enabling JavaScript only on secure sites. It ends up being a pretty good default not just because it prevents attacks that rely on JavaScript injection—like […]

An email signature to encourage encryption use

A great way to encourage more ubiquitous email encryption is to let people you’re emailing know that you’re equipped to use it, and that they can be too. Some people use PGP signatures for that purpose, but inline signatures can be off-putting to people who don’t know what they are, and attachments can be similarly confusing. […]

Guide to security guides

Here are some resources I’ve found very useful for getting through the many communication options that are presented as secure. “The State of Mobile, Cross-Platform, Encrypted Messaging” – This is all about mobile apps for end-to-end crypto. My money’s on TextSecure once it’s out for iPhone. Since the major version upgrade it’s been one of […]

It wasn’t Yahoo that was hacked

I’ve been disappointed to see a lot of journalists get a recent story about security breaches and Yahoo Mail wrong. In particular, I worry that this kind of misleading reporting will contribute to worse security practices for both the companies that users trust with their data, and the users themselves. First, here’s what happened: Yahoo […]