Finding a Hacked Server

a mostly true story | 23 hours ago

Now they have 2FA problems

the proliferation of TOTP secrets | 3 days ago

The design flaws of password managers

I once worked in highly regulated environments and needed a way to recall dozens of complex passwords that changed frequently. I tried to use a password manager, but could not due to the burdens and insecurity of some common design flaws. | 13 days ago

A Survey of security.txt

I was curious to know how many popular websites have already uploaded a security.txt file and how many followed the most recent draft. So, I wrote a small Go program to check the Alexa Top 1 million websites. | 15 days ago

Learning to Blog in 2021

I'm new to blogging | 20 days ago

They want us to be compliant, not secure

Compliance versus security | 21 days ago