Forty-four per cent of those questioned said they didn't believe the phone would interfere with the plane's instruments, but — perhaps more worryingly — 27 per cent said they couldn't cope without a switched-on phone and nine per cent said they couldn't turn off their phone as being uncontactable was unacceptable (we're assuming they weren't the brightest in the sample). There's much debate about whether phones really can interfere with instrumentation, with the general feeling that the risk isn't worth taking and that as they generally won't work anyway it's not a big deal to ask flyers to turn them off. Some planes do have in-cabin coverage, but that only gets switched on above 10km to avoid interfering with ground networks.

Now you can quickly view your DomainKeys, DKIM, and SPF validity, and SpamAssassin score in one place. Just send an email to any address @www.brandonchecketts.com. Then check here to see the results.

It’s taken a long time but today we bring the first installment in a series of posts highlighting VPN providers that take privacy seriously. Our first article focuses on anonymity and a later installment will highlight file-sharing aspects and possible limitations.

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

Without the support of two major browsers and major websites most internet users are missing out on the security benefits of perfect forward secrecy. Without the protection of PFS, if an organisation were ever compelled — legally or otherwise — to turn over RSA private keys, all past communication over SSL is at risk. Perfect forward secrecy is no panacea, however; whilst it makes wholesale decryption of past SSL connections difficult, it does not protect against targeted attack on individual sessions. Whether or not PFS is used, SSL remains an important tool for web sites to use to secure data transmission across the internet to protect against (perhaps all but the most well-equipped) eavesdroppers.

Spotify supports unicode usernames which we are a bit proud of (not many services allow you to have ☃, the unicode snowman, as a username). However, it has also been a reliable source of pain over the years. This is the story of one time when it bit us pretty badly and how we spent Easter dealing with it.

There’s a strong case to be made that as Facebook and Twitter have amassed such huge user bases we should take advantage of the fact that so many of their users are already logged in and just one click away from entering your app. I know that argument all too well, because I made it to my colleagues. We tried that experiment, and found that while there are some marginal improvements to login failure rate, they come with a price. Do you want to NASCAR-up your login page? Do you want to have your users’ login credentials stored in a third-party service? Do you want your brand closely associated with other brands, over which you have no control? Do you want to add additional confusion about login methods on your app? Is it worth it? Nope, it’s not to us.

The text below is now part of the official documentation of mitmproxy. It's a detailed description of mitmproxy's interception process, and is more or less the overview document I wish I had when I first started the project. I proceed by example, starting with the simplest unencrypted explicit proxying, and working up to the most complicated interaction - transparent proxying of SSL-protected traffic in the presence of SNI.

We already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.

The vast majority of 3G and 4G USB modems handed out by mobile operators to their customers are manufactured by a handful of companies and run insecure software, according to two security researchers from Russia.
