People or organisations often think about software security as only defined by the software itself. As long as the software has the right features I’m ok, right? Continue reading “Software security — process, operations and software — in that order”
How long are you supposed to hold on to your digital identity? What does it even mean to have a digital ID?
In part 2 of this series we walked through the thought process around your digital ID. Once that’s established, you need to protect the keys and other secrets attached to this identity, such as passwords and cryptographic keys. In this blog post I will write about my own personal approach to this with some recommendations. Continue reading “Securing your digital home – part 3: keys and other secrets”
In part 1 of this new blog post series, I explained what one’s “digital home” is and why one might want to secure it. In this blog post, we’ll start with the foundation of a secure life — identity. Continue reading “Securing your digital home – part 2: identity”
With the recent news concerning the arrest of Marcus Hutchins — the security researcher who stopped the biggest-ever ransomware attack — I’ve been thinking (more than usual) about the ethics of software development. But before we go into that, who’s Marcus Hutchins and what did he really do? Continue reading “Should developers be responsible for potentially harmful software?”
Your own digital privacy and security are incredibly important these days. So many aspects of our day-to-day life rely on digital services. I don’t think you would ever leave the door to your home unlocked while you’re away, leave your bedroom window blinds open while you’re sleeping or broadcast your private conversations over speakers on the street outside. Nevertheless, this is metaphorically what’s happening to most people’s digital homes when appropriate care is not taken. In this blog post series we will cover things you can do to better protect your digital home. Continue reading “Securing your digital home – part 1: overview”
Up until a few weeks ago I never used tools like password managers or digital keychains to keep track of my passwords, recovery codes etc. I’ve had a system in my head for each service and password where I consistently could (kind of) encrypt each password into a 16 character long string. All passwords were unique for private as well as work. However, it’s become harder and harder to maintain this system and keep track of everything. It’s also been a bit inconsistent because I’ve had to keep things such as two-factor authentication recovery codes on an encrypted external hard drive which isn’t easy to access when I need it. I needed a better system. Continue reading “Padlock – my new password manager”
Having a basic understanding of encryption and digital signatures has become important as history has repeatedly taught us that we can’t trust everyone on the Internet (e.g. Internet service providers, email services etc.). This blog post will try to explain in a non-technical way how encryption and digital signatures work and why something called “private keys” are important to keep secret! Continue reading “Non-technical explanation of encryption and digital signatures”
I have for the longest of times been a Firefox user. I love what Mozilla, the foundation behind Firefox, has done to bring more freedom, transparency, privacy and security to the web. But there’s a lot more work to be done because online monetization is centered around tracking user behavior by compromising on users’ privacy and security with methods like browser fingerprinting, third-party cookies and malicious online advertisements. And yet, no web browser does a good job out-of-the-box of protecting the user against these things; special plug-ins or configuration are needed, which is a barrier for many people. And even then, the fundamental problem is still not solved, i.e. limited options for publishers to monetize their content. Continue reading “Brave – my new web browser”
Have you heard about the latest Wikileaks release called Vault 7?
The short version: If you ever were sceptical about “USA is spying on everyone on the Internet” you can stop being sceptical now… Since 7 March we know, for a fact, that they’re capable of hacking into, listening and recording on pretty much any server and any private device with an Internet connection. It’s actually real. Continue reading “What is Vault 7? And how not to be spied on”