security

The Scooter Computer

router

When we initially deployed our handbuilt colocated servers for Discourse in 2013, I needed a way to provide an isolated VPN channel in for secure remote access and troubleshooting. Rather than dedicate a whole server to this task, I purchased the inexpensive, open source firmware friendly Asus RT-N16 router, flashed

By Jeff Atwood ·
Welcome to The Internet of Compromised Things

security

This post is a bit of a public service announcement, so I’ll get right to the point: Every time you use WiFi, ask yourself: could I be connecting to the Internet through a compromised router with malware? It’s becoming more and more common to see malware installed not

By Jeff Atwood ·
Given Enough Money, All Bugs Are Shallow

open source

Eric Raymond, in The Cathedral and the Bazaar, famously wrote: Given enough eyeballs, all bugs are shallow. The idea is that open source software, by virtue of allowing anyone and everyone to view the source code, is inherently less buggy than closed source software. He dubbed this “Linus’s Law.

By Jeff Atwood ·
Computer Crime, Then and Now

security

I’ve already documented my brief, youthful dalliance with the illegal side of computing as it existed in the late 1980s. But was it crime? Was I truly a criminal? I don’t think so. To be perfectly blunt, I wasn’t talented enough to be any kind of threat.

By Jeff Atwood ·
I Was a Teenage Hacker

security

Twenty-four years ago today, I had a very bad day. On August 8, 1988, I was a senior in high school. I was working my after school and weekend job at Safeway as a cashier, when the store manager suddenly walked over and said I better stop ringing up customers

By Jeff Atwood ·
Make Your Email Hacker Proof

security

It’s only a matter of time until your email gets hacked. Don’t believe me? Just read this harrowing cautionary tale. When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up and looking

By Jeff Atwood ·
Speed Hashing

hashing

Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you’re looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion trillion.

By Jeff Atwood ·
Should All Web Traffic Be Encrypted?

security

The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you’re connected to that WiFi access point. This is something I talked about in Breaking the Web’s Cookie Jar. It’s difficult

By Jeff Atwood ·
Cutting the Gordian Knot of Web Identity

security

Perhaps you’ve seen this recent XKCD about password choice? It prompted a spirited debate – even on our very own Security Stack Exchange – about the merits of the argument presented there. Now, to be clear, I’m completely on Randall’s side here; I’m all for passphrases over passwords,

By Jeff Atwood ·
The Dirty Truth About Web Passwords

security

This weekend, the Gawker network was compromised. This weekend we discovered that Gawker Media’s servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you’re a commenter on any of our sites, you probably have several questions. It’

By Jeff Atwood ·
Breaking the Web’s Cookie Jar

security

The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here’s how it works:

* Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn’t require a password before you can connect to it.
* Install Firefox and the Firesheep

By Jeff Atwood ·