So, apparently some time in October and unbeknownst to me, my website got (was given?) an SSL certificate so that it would resolve via https. I accidentally discovered this today and spent a few minutes setting up the appropriate redirects so that everyone is forced to use https links to access my site. I may still have a few administrative redirects and some bookmarklets to tweak along the way, but the whole process was far simpler than I would have expected.

A nice side benefit is that the Simple Location data I’d like to use will now self-populate when I make posts relating to location!

👓 A few notes on Medsec and St. Jude Medical | Matthew Green

Read A few notes on Medsec and St. Jude Medical by Matthew Green (A Few Thoughts on Cryptographic Engineering)
In Fall 2016 I was invited to come to Miami as part of a team that independently validated some alleged flaws in implantable cardiac devices manufactured by St. Jude Medical (now part of Abbott Labs). These flaws were discovered by a company called MedSec. The story got a lot of traction in the press at the time, primarily due to the fact that a hedge fund called Muddy Waters took a large short position on SJM stock as a result of these findings. SJM subsequently sued both parties for defamation. The FDA later issued a recall for many of the devices.

It’s amazing to read just how insecure some mission critical medical devices can be.

Let them paste passwords | NCSC Site

Read Let them paste passwords (ncsc.gov.uk)
Allow your website to accept pasted passwords - it makes your site more secure, not less.

One of the things people often tweet to us @ncsc are examples of websites which prevent you pasting in a password. Why do websites do this? The debate has raged – with most commentators raging how annoying it is.

So why do organisations do this? Often no reason is given, but when one is, that reason is ‘security’. The NCSC don’t think the reasons add up. We think that stopping password pasting (or SPP) is a bad thing that reduces security. We think customers should be allowed to paste their passwords into forms, and that it improves security.

Trump private security force ‘playing with fire’ | POLITICO

Read Trump private security force ‘playing with fire’ (POLITICO)
The president-elect continues to employ a battalion of retired cops and FBI agents to protect him and clamp down on protesters.

Chris Aldrich is reading “Moving Toward SSL”

Read Moving Toward SSL (WordPress News)
We’re at a turning point: 2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available. Just as JavaScript is a near necessity for smoother…