IoT Setup Procedures

Internet of Things devices are often sold with default credentials hardcoded into them. This is a problem, because those default credentials are used by attackers to exploit those devices for various purposes. Notably, this practice enabled the so-called 'Mirai' botnet.

Here's a better way to handle IoT setup that ...

The Modern Bertillon

Biometric factors are not suitable for authentication.

This is a bit of a radical claim - after all, biometrics are considered to be one of the traditional three factors, those being "a thing you know", "a thing you have", or "a thing you are" - but biometrics fail on several very important ...

Brown Hat Security - Password Recovery Procedures

Password recovery procedures - for when users forget their passwords - are often an excellent way for an attacker to compromise security at an organization. The ability to bypass the normal authentication procedures enables the attacker by allowing them to ignore the usual security measures - sometimes in a way that allows access ...

Brown Hat Security - Weak Links: URL Shorteners

URL shortening services are a ubiquitous part of the internet now, with everyone and his brother coming up with a way to contract long addresses into something shorter and more suited for entering into a tablet or mobile phone. Unfortunately, this convenience comes at a cost, and some bad actors ...
