Recently, I was forced to challenge a long-held notion about SSL: that the overhead was so significant that it ought to be used sparingly. I had held this belief for a long time, dating back to the preteen years of the web. The idea was that SSL caused a large...
How does a one-time password work? If you read a previous article I wrote, you’ll remember that I mentioned the use of multi-factor authentication. One common tool for implementing the something you have factor is the one-time password. When...
Passwords are everywhere. We have too many of them. We know we shouldn’t re-use them, but we already have too many and we can’t remember another one. So we use one in multiple places and we get in trouble when one website is compromised. They cost us time and money...
Have you ever worked on a Rails app? That app is vulnerable to a new crop of exploits discovered in the waning days of 2012. Rails 3.2.11 (and 2.3, 3.0, and 3.1 releases) patches those flaws, but until someone runs gem update or bundle, an attacker can execute...
In order to store private data in an iOS Core Data database, there are several methods available for encryption, including iOS-level data protection based on the device passcode, and open source projects like SQLCipher for iOS that encrypt the database file. However,...