#security Articles


ssh key choices

This weekend, Rob and I had been testing the use of hardware keys to secure ssh sessions, especially for back-end console access and certain administrative functions. Since the hardware keys are a special case, and cannot be added to the ssh-agent, we were slinging around a fair number of command …


Academia's Tug-of-war with the NSA over Encryption

There's an excellent article, Keeping Secrets, on Medium today (originally from the November/December 2014 issue of Stanford Magazine) about the conflict between academic work on cryptography and the NSA's role in national security. Most of the focus is on what happened and not on who was right or wrong …

My take on Macintosh security

Ah, a new release.... must be time for another slew of articles aimed at getting press and money for the "security" folks out there. For those of us with Macintoshes, here is my take on the whole Macintosh virus situation. Every time a new OS release comes out, a whole …

Don't read this if you think TSA security works

The Atlantic has a scathing article about TSA airport security, citing a number of demonstrated attempts (with success) to get past the "security theater" that is our current airport security system. Don't read this article if you believe that TSA security works and you're safer because of it--it might be …

Yankee Group thinks iPhone security risks overblown

An article from MacWorld tells that analysts from The Yankee Group (unlike those from Gartner and some other IT analysis groups) think that both the security and policy issues about the iPhone have been overblown. Basically, it boils down to not being any worse than any other smart phone, and …


First iPhone software update appears

Last night, Apple released the first update to the iPhone, software version 1.0.1. The update is only available via iTunes and is automatically applied the next time you sync. If you haven't applied it yet, you might want to do so before the weekend, as the big hack …

"serious misuse" of surveillance power found in report

Inspector General Fine found that the FBI overreached its authority by heavily using the National Security Letter system. The report has not been denied by the administration and has, in fact, been acknowledged as a "serious problem" by FBI Director Mueller and Attorney General Alberto Gonzales. Thanks to CNet for …

The patent system vs. real security

The US patent system is under fire again this week (this time by an article in Wired) for putting the rights of patent holders above the research and security implications thereof. In this particular case, the issue is HID Global (ironically self-tagged as "The Trusted Brand") going after a security …

Princeton researchers take a look at voting machines

Researchers at Princeton have released findings from their study of the Diebold AccuVote-DS (which the EFF claims is Diebold's most widely used voting product) and have concluded that there were major flaws in the system that they tested. Diebold, for their part, answered with a press release, accusing the researchers …

Ohio University loses social security numbers

A web page on Ohio University's web site details a series of incidents involving access to social security numbers of employees, students, and alumni... now, what they need with the SSNs of 137,000 alumni is a really good question, but it's not just them. This is yet another in …

Post examines Apple's time to patch security holes

An article from the Washington Post's Security Fix blog (by Brian Krebs) today indicates that Apple's mean time to fix a security flaw considered severe is about 90 days from the time of the report to the delivery of patches to customers via Software Update. [Note: a similar article about …

Not all bugs are security problems

I understand if everybody takes this with a grain of salt given my particular predilection for Macintosh computers and OS X in particular, but there's been a lot of talk lately about the "increasing number" of found "security holes" on the OS X operating system. Unfortunately, the folks who find …

USA Today clearly doesn't get it

Andre Cantor, writing for USA Today, posits this article, where he honestly suggests that Boot Camp will encourage Mac users to switch to Windows. Where to begin? First, this guy is the technology writer and self-avowed "know-it-all" who covers technology for the Roanoke Times, a former editor for PC Magazine …

Apple releases security tweak aimed at recent malware

Last evening, Apple released the first security update for 2006 (Security Update 2006-001 for Intel and PPC). Detailed information is online in About Security Update 2006-001. More details follow here, but the summary is that they have addressed a wide variety of problems, including just about every facet of the …

Latest update on Macintosh malware

Without further ado, the folks at Unsanity have described (in more excruciating detail than I did yesterday) the latest OS X malware threat and have not one, but two, solutions to the problem. UTISafariExploitFix is localized to helping Safari avoid doing bad things to your system, by stopping the problem …

Virus scares on the Mac

Now that things are starting to become much more clear about the Oompa-Loompa "virus" (AKA, Leap.A), I figured I'd try to put things into perspective and give a few of my thoughts on the whole thing. For those who haven't heard, there has been concentration this week on reports …

Taking Tiger Server's spam protection up a notch

I was quite happy to see that Apple decided to include amavis / clamav / spamassassin in OS X 10.4 Server, but although I found the virus protection nice, the spam protection looked weak in comparison to my previous experience with spamassassin. So, here's how I fixed that... A few things …

Social engineering+trojan horse=LexisNexis

An article from Wired details the exploits of the three young hackers (16, 19 and 20) who broke into the LexisNexis databases and had access to the personal data of over 300,000 people. Of particular interest is the account of how they got access to the law enforcement …