1 day ago
Encrypt your iCloud data now (so only you can get to it)
For the longest time, I fought putting anything important in any cloud service, with the notable exception of my email. The reason? Most clouds do not encrypt your data such that only you can read it. In many cloud services, everything is stored as a plain file or plain text…
4 min read

Sep 14, 2022
iOS 16 iMessage editing won’t let you get away with making bad decisions
A fantastic new feature of iOS 16 is the ability to edit iMessages. But that doesn’t mean you’ll be able to get away with anything. When you send a message, if you long hold on the message, you get the ability to edit the message. But you can only edit…
Imessage, 2 min read

Sep 9, 2022
Password managers are an exercise in trust
I’ll admit that I was late to the game on password managers. For anything relatively important, I refused to use one, instead choosing to use complex, memorized passwords for any important site, like bank accounts. …
Passwords, 4 min read

Aug 19, 2022
TikTok is reading all the keystrokes you enter into its app, even if they’re meant for another site
A researcher who found that Facebook and Instagram are injecting tracking code into web pages that you visit wrote a follow-up report. In that report, the researcher noted that TikTok is able to capture every keystroke that you enter into a third-party website viewed through the TikTok app. …
Tiktok App, 3 min read

Aug 15, 2022
The Facebook and Instagram apps are modifying websites you visit
You might want to rethink having social network apps on your phone, but not because you’re addicted to scrolling or concerned about misinformation. According to new research, the Facebook and Instagram apps can track you when you click to visit non-Facebook and non-Instagram sites. The scenario is easy. Imagine that…
Facebook, 4 min read

Jul 8, 2022
Apple is making it easy to avoid security vulnerabilities completely, but for a price
As any security practitioner will tell you, the tradeoff between security and usability is a constant tug of war. The more secure you make a system, the harder it becomes to use. But when you’re talking about software security, there’s another angle. …
Cybersecurity, 3 min read

Dec 14, 2021
The log4j vulnerability shows vulnerability management can’t come down to only a scan
The first article I saw on December 10 about the now infamous log4j remote code execution vulnerability (CVE-2021-44228) buried the lede. Posted at 10:39pm Central time on December 9, the headline read: “Minecraft and other apps face serious threat from Log4j code execution bug.” Of course, the log4j Java library…
Log 4 J, 4 min read

Nov 18, 2021
Free me from the Apple Watch tyranny
The Apple Watch now controls my day. Don’t feel bad for me. I brought this upon myself. The Apple Watch and other types of fitness trackers don’t tell you to get to 10,000 steps like the original trackers did. …
Apple Watch, 4 min read

Apr 12, 2021
Watch out for those low severity security vulnerabilities, sometimes they’re bigger than they look
Do you know that every single website certificate on your external perimeter is valid? What about your VPN certificate? Many companies have robust solutions in place to rotate certificates, but how can you actually guarantee that every IP has the correct certificate installed? One of the easiest ways is to use…
Security, 3 min read

Apr 1, 2021
Even though LastPass is no longer free, don’t give up on password managers
Note (January 5, 2023): We found out there was a security breach of LastPass. Attackers were able to download the encrypted passwords of users, and the list of internet addresses associated with each user. LastPass seems to have made some questionable design decisions, and therefore I wouldn’t personally recommend using…
Passwords, 6 min read