If Microsoft thinks old Tor clients are risky, why not Windows XP?
Microsoft has been removing outdated Tor clients, stating that they pose a security threat, but if that's the case, what about other outdated software? Isn't that a threat, too?
Latest Posts
Don't have responsible disclosure terms? Maybe you're a jerk
The law is open to interpretation when a white hat breaks into a computer system with the intention of helping a business out, but both sides still appear to be breaking the cardinal rule: Don't be a jerk.
Google, Nokia, Ericsson, Samsung clueless on NSA's phone stalking
Although NSA's elite joint special operations command brags that they've been able to track switched off mobile phones for almost a decade, no one quite knows how they did it.
Tin foil hats need to come back in style if we're to save our privacy
We laughed at the tin foil nutters, called them crazy, but now that it's been found that the US is spying on everyone, of course they're nowhere in sight now that we need them.
Don't trust a company on its word, trust it on its tech
Should we trust that LinkedIn won't do anything bad when we give it our email account credentials? The better question is: Why on Earth are we even doing that in the first place?!
How vigilance saved a startup from a sophisticated robbery
It has the hallmarks of an advanced threat -- compromising the supply chain, being familiar with the server architecture -- but one startup managed to thwart being robbed by having a keen set of eyes and encryption in place.
Having a bug bounty doesn't mean you take security seriously
Yahoo pays US$12.50 for a cross-site scripting vulnerability that could compromise email addresses. Does that mean it doesn't take security seriously? Not necessarily.
A good password can still trump sketchy security
The worst happens: Your security vendor is caught out implementing double-decade-old and flawed algorithms to secure your password. But if administrators had picked a good password, it actually doesn't matter.
Labor not the only party clueless about its cybers
The incumbent Australian government might be clueless about its cybers when it crows on about the digital economy, but it turns out the Coalition isn't much to look at, either.
Twitter's two-factor system is more secure, but not necessarily better
Buying a new phone every time you want to make a call is secure, but it's stupid if you want to do anything of value. Likewise, when it looks like companies are adopting a consistent two-factor system, I shake my head when they go in another direction in the interests of "security".
Why you shouldn't worry that the NSA is inside Android's code
People worry that Google is accepting code from the NSA and pushing it into Android, but really, don't we want some of those code breakers showing us how to do it right?
A half-assed additional factor does not equal two-factor security
When is two-factor authentication not? When it's as bypassable as Yahoo's.
Does Australia even know what it's doing with its cybers?
Another report, another 'cyber' initiative. But we've been putting these projects, proposals, and plans out for years with very little difference in results or agenda. Which makes me wonder: Do we even understand what the 'cybers' are?
Why we need to stop cutting down security's tall poppies
We need to have a lower tolerance for lax security, but we also need to encourage those that are actually trying to do the right thing.
Do unseen passwords really need masking?
The latest beta version of Red Hat's Fedora operating system now chooses not to mask passwords by default in its installation, but should this become a standard practice?