Second Edition in the works!

I was approached by the continuing education group at Duke University to give a lecture on computer security and privacy, which I did last October. It was quite the hit and I will now be teaching a 6-week course for Duke on the same topic, starting mid-April of 2016! I’m very excited! I’m planning to

Gone Phishin’ (LostPass)

LastPass is the password manager I recommend in my book and to anyone who asks. While there are a handful of good products like it, to me LastPass has a rock-solid security story and all the features anyone could want. You may have heard last week about a threat to LastPass called “LostPass” on the

Using Credit Freeze for Self Defense

Identity theft is arguably one of the worst things that can happen to a person, financially. When someone steals your identity, they can basically do anything you can do – including obtaining loans or credit cards in your name. And when the spending spree is over, you are left holding the bag. If it’s not

Windows 10 Privacy Issues

If you use a Windows computer at all, you’ve probably seen that annoying little pop-up message that keeps reminding you that Windows 10 is coming. Windows 10 is a free upgrade for most people and Microsoft is clearly banking on most people taking the Trojan horse free software. Microsoft is also counting on most people

LastPass data breach

LastPass has notified its users that it experienced some “suspicious behavior” on their servers and they believe that “email addresses, password reminders, server per user salts, and authentication hashes were compromised”. They also made clear that “we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed”.

Long time no hear

Sorry for the long break between posts. Lots going on for me right now. I would encourage you to have a look at my Twitter feed to keep track of key updates. It’s about the only thing I’ve kept up on lately.  

Security roundup (4/5/15)

Here are some top stories from the last month: The FREAK bug. You can read the in-depth info here, but the gist of this is that a “man in the middle” could force an encrypted HTTPS web connection to use really old and really weak encryption, thus allowing someone (probably the man in the middle)