Unscrewing Security

About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.



Recent Posts

The Google Dialogues: Search Neutrality

Transparency is great; backseat regulation in the name of fairness, not so much...

Sometimes I feel that the primary differences between Socratic Dialogues and Strawman Arguments are that: a) the former are apparently respectable, but the latter are fallacious, and... b) everyone since 399BC is not Socrates. I too am not Socrates -...

Tags: foundem, google, parliament, pictfor, search engine optimisation, search neutrality, security

Merry Christmas - it's another Twitter XSS bug!

Festive fodder for Cybersecuritypseuds

Update: fixed now, less than 8 hours later. Isn't technology marvellous? Recently Twitter bought TweetDeck, a provider of custom Twitter-browsing clients which were popular amongst many Twitterati for dealing with bulk tweet-management. Twitter subsequently axed the main TweetDeck client,...

Tags: security, twitter, xss

NetApp, Sophos join list of tech being used by Syrian state snoopers

"Dual-use" technology: who is meant to be the bad guy?

If you're in any part of the security industry you will know the phrase dual-use technology; it's the umbrella term for any technology that can be used for both "good" and "evil" from the perspective of whoever is speaking at...

Tags: dual-use, interception, netapp, privacy, security, sophos, syria

#LondonCyber: our very own Star Trek conference

Billions and billions... shields to maximum until it's all over

So the FCO's London Conference on Cyberspace is here - and on Twitter - and you cannot have missed yesterday's press trailers: BBC Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence...

Tags: cybersecurity, cyberwar, gchq, home office, london, security, theresa may, william hague

Username: Google ; Password: 2bon2btitq

Passwords are hip again; but can we please just get past the "word" aspect?

Google are (in partnership with Citizens Advice Bureau) running a campaign about how to stay safe online, and to this end adverts are appearing in London tube trains explaining how to create longer, more memorable passwords, using an example from...

Tags: advice, authentication, cryptography, google, identity, password, security, sso

Amazon, Google, the Platform and Security

An Ex-Amazonian Googler's justifiable hostility towards Security

A few days ago Steve Yegge posted a rant to his Google+ account with the intention that it would stay Google-internal. Oops. You can read the rant - now replicated all over the net, for instance YCombinator or mirrored back...

Tags: amazon, architecture, design, google, google+, security, volvo

Jeremy Hunt requests Google become "Big Brother" on behalf of the British Government

DCMS demands freebie Googlespying, else "legislation will ensue"

Gadzooks! Here's the Telegraph article with my emphasis added: Jeremy Hunt, the Secretary of State for Culture, Media and Sport, is to tell Google and other search engines that they should play a greater role in the fight against online...

Tags: copyright, dcms, jeremyhunt, security

Rare OSX 1Password flaw exposes plaintext passwords, password history

Bug rapidly caught and fixed, but users should check their logfiles for sensitive data

Sunday afternoon I was writing a CWUK posting using my Snow Leopard Macbook Air - plus Chrome, Safari, all the other usual suspects, as well as 1Password, a password-keysafe product from AgileBits. It's not clear what happened next, but as...

Tags: 1password, osx, passwords, security

Full-Disclosure, Unredacted WikiLeaks, Security and The Guardian

The Guardian doesn't "get" openness when it suits their purpose

It's not often that one gets to call a Guardian piece all of illiberal, misconceived and self-serving, but it seems to be what happens when one or more of their writers are backed into a corner after doing something silly....

Tags: cablegate, guardian, passwords, security, wikileaks

Riot

and Communication

This evening at a barnstormingly good Reading Geek Night I was chatting with a somewhat older "ICT" chap and told him that I do security. We spoke of privacy, we spoke of secrecy, and the subsequent conversation went somewhat like...

Tags: blackberry, communication, privacy, security