hardware

Phishing and Security Keys

Posted on

When it comes to online security, confusion about the risks can lead people to obsess over obscure threats while ignoring key innovations that could truly protect them. Even highly-targeted users like politicians and activists don’t fully appreciate the scourge of phishing, and many aren’t familiar with an emerging form of two-factor authentication known as “Security […]

security

Security of Password Managers

Posted on

There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plain text copies of the password lying around memory? Don’t forget to read the Comments!

security

Password Managers: Under the Hood

Posted on

Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings […]

email

Secure Email Providers

Posted on

There have been numerous privacy scandals with large email providers over the past few years, prompting many to look for the best secure email that respects user privacy. Why switch to a secure email provider? With so many different types of users, there is no single “best secure email” service that will be the top […]

security

Password Stealers

Posted on

Password security has always been a challenge. Brute force attacks are constantly getting more powerful, but they aren’t the only threat you have to worry about. A range of password stealing malware continues to grow in popularity. These password stealers are each capable of stealing credentials and other information from a wide variety of programs. […]

security

Password Constraints

Posted on

You’re probably familiar with some of the most common requirements for creating passwords. A mix of upper and lowercase letters is a simple example. These are known as password constraints. To start, let’s look at the impact of an eight-character length constraint alone. There are 95^8 possible combinations of 8 characters. Just by requiring both uppercase […]

hardware

Internet Hacking To Get Much Worse

Posted on

It’s no secret that computers are insecure. The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space. The primary reason computers […]

privacy

Using Signal correctly

Posted on

There is a major issue with Signal: Your account is tied to your phone number. This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app […]

hardware

Why Air Gaps Won’t Protect Your Data

Posted on

One Important Caveat As impressive as all of Guri’s work is, they all carry one critical assumption that limits their effectiveness. For all them, Guri assumes that someone can get physical access to the air-gapped computer, and be able to successfully install malware on it. That means most of your air gaps are safe. But […]

security

Qubes U2F Proxy

Posted on

The Qubes U2F Proxy is a secure proxy intended to make use of U2F two-factor authentication devices with web browsers without exposing the browser to the full USB stack, not unlike the USB keyboard and mouse proxies we’ve already implemented in Qubes. For even more protection, you can combine this with the Qubes firewall to ensure, for example, that the browser in […]