Errata Security

Advanced persistent cybersecurity

Wednesday, June 27, 2018

Lessons from nPetya one year later

This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estima...

Sunday, June 24, 2018

SMB version detection in masscan

My Internet-scale port scanner, masscan , supports "banner checking", grabbing basic information from a service after it connects ...

Sunday, June 17, 2018

Notes on "The President is Missing"

Former president Bill Clinton has contributed to a cyberthriller "The President is Missing", the plot of which is that the preside...

Thursday, May 31, 2018

The First Lady's bad cyber advice

First Lady Melania Trump announced a guide to help children go online safely. It has problems. Melania's guide is full of outdated, i...

Wednesday, May 23, 2018

The devil wears Pravda

Classic Bond villain, Elon Musk, has a new plan to create a website dedicated to measuring the credibility and adherence to "core truth...

C is to low level

I'm in danger of contradicting myself, after previously pointing out that x86 machine code is a high-level language , but this article c...

Sunday, May 20, 2018

masscan, macOS, and firewall

One of the more useful features of masscan is the " --banners " check, which connects to the TCP port, sends some request, and ge...

Monday, May 14, 2018

Some notes on eFail

I've been busy trying to replicate the "eFail" PGP/SMIME bug. I thought I'd write up some notes. PGP and S/MIME encrypt ...

Sunday, May 13, 2018

Leaking securely, for White House staffers

Spencer Ackerman has this interesting story about a guy assigned to crack down on unauthorized White House leaks . It's necessarily ligh...

Wednesday, April 25, 2018

No, Ray Ozzie hasn't solved crypto backdoors

According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the...

Sunday, April 22, 2018

OMG The Stupid It Burns

This article, pointed out by @TheGrugq, is stupid enough that it's worth rebutting. “The views and opinions expressed are those of t...

Monday, April 16, 2018

Notes on setting up Raspberry Pi 3 as WiFi hotspot

I want to sniff the packets for IoT devices. There are a number of ways of doing this, but one straightforward mechanism is configuring a &q...

My letter urging Georgia governor to veto anti-hacking bill

April 16, 2018 Office of the Governor 206 Washington Street 111 State Capitol Atlanta, Georgia 30334 Re: SB 315 Dear Governor Deal...

Sunday, April 15, 2018

Let's stop talking about password strength

Picture from EFF -- CC-BY license Near the top of most security recommendations is to use "strong passwords". We need to stop ...

Sunday, April 01, 2018

Why the crypto-backdoor side is morally corrupt

Crypto-backdoors for law enforcement is a reasonable position, but the side that argues for it adds things that are either outright lies or ...

Thursday, March 29, 2018

WannaCry after one year

In the news, Boeing (an aircraft maker) has been "targeted by a WannaCry virus attack". Phrased this way, it's implausible. Th...

Monday, March 12, 2018

What John Oliver gets wrong about Bitcoin

John Oliver covered bitcoin/cryptocurrencies last night. I thought I'd describe a bunch of things he gets wrong.

Thursday, March 08, 2018

Some notes on memcached DDoS

I thought I'd write up some notes on the memcached DDoS. Specifically, I describe how many I found scanning the Internet with masscan ,...

Thursday, March 01, 2018

AskRob: Does Tor let government peek at vuln info?

On Twitter, somebody asked this question: @ErrataRob comments? — E. Harding🇸🇾, друг народа (anti-Russia=block) (@Enopoletus) March 1,...

Friday, February 02, 2018

Blame privacy activists for the Memo??

Former FBI agent Asha Rangappa @AshaRangappa_ has a smart post debunking the Nunes Memo , then takes it all back again with an op-ed on th...

View web version

Powered by Blogger.