It’s OK, I planned on getting phished today anyway.

read more

In the last few months, several of my friends have had either their laptops or phones stolen. It’s only after I really thought what that would mean to me that I realised how serious this would be. It used to be that if my phone got stolen then I would lose my address book and my text messages; if it gets stolen now then I lose a device which has full access to my Google account, i...

read more

Dr. Richard Clayton from the University of Cambridge (who writes for the very good Light Blue Touchpaper site) was interviewed for the Pods and Blogs podcast on the 18th December 2007 in the wake of the ...

read more

Apparently at the end of this month I’ll be sent a small tool to make my online banking more secure. It’s called PINsentry. As far as I, as a selfish user, can see it’s actually designed to make my online banking experience slower and limi...

read more

At my last workplace, where I was employed between 2003 and 2005, we had a web services system which used SOAP across two different programming languages (Java and C++) and had a potential future in another two (.Net and Python). We had some, what you might call, practical considerations. If you like, you can check the dates on

read more

I hope that you’re not putting a lot of faith in the new biometric passports (my wife just got one) because any half-capable programmer with an RFID reader can obtain the details stored in them. Within minutes of applying the three passports to the reader, the information from all of them has been copie...

read more

Or at least, it sucks at work for most purposes. Why? You’re dependent on an external server that has nothing to do with your company You’re passing your chat about work projects through a third-party server! It’s against the ToS for MS Messenger Limited message length (a complete pain for easily sharing ...

read more

No2ID spokesman Dave Gould …. said “Why are we spending public money on this technology when it hasn’t been approved by Parliament? Surely that isn’t the way a democracy works? “Why aren’t you informing the public about everything you are doing to create a database of all of our movements. “This is a breach of civil and personal liberties. No other country in the worl...

read more

Greasemonkey has a massive security hole in it which, depending on the scripts you have installed, can allow any website to read the contents of your hard drive (this is the case as far as I understand it, please leave a comment if I have the details wrong). This is very major. In addition to being a massive exp...

read more

Six characters? Three? Do you have a minimum at all? Should there be a minimum length for a username? Why can’t I have a one-letter username? Obviously there’s a fair chance that someone might have taken it before me, but still, what’s stopping me? Are enforced-username lengths a security issue? If you allow one-letter usernames, then perhaps there’s a better chance of brute-forcing the passwor...

read more