by
Jeffrey Goldberg
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about what it means to say that a cipher is “broken”. Today’s word is “infeasible”.
Continue reading
by
Jeffrey Goldberg
I’d like to take a moment to talk a little bit about how people who study password behavior go about their job. In the process, I would like to thank all password researchers and, in particular, Mark Burnett for both his years of excellent research and the help he has provided to other researchers. He is unequivocally one of the good guys, even if …
Continue reading
by
Jeffrey Goldberg
Editor’s note: this blog was published in 2015, and refers to versions of 1Password that are no longer available.
Continue reading
by
Jeffrey Goldberg
Copy & Paste clipboards (or “pasteboards” as they are called on Mac and iOS) can be dangerous places for secrets if you have malicious software running on your device. On most operating systems – mobile and desktop alike – most running applications can read from the system clipboard. When you copy a secret to the system clipboard, a malicious …
Continue reading
by
Jeffrey Goldberg
When a large number of websites are discovered to have been vulnerable, as is the case with websites running recent versions of Drupal, people need clear and unambiguous advice that you can act on. And so, our clear and unambiguous advice is: If you have a username and password on a site which has been using Drupal for its content management, you …
Continue reading
by
Jeffrey Goldberg
A new security bug, commonly known as Shellshock (Officially CVE-2014-6271, is bad. It is fair to say that a large number of servers (particularly web servers) were vulnerable to serious attack for some time. It is likely that many still are, and we are unlikely to learn about most of them.
Continue reading