Could it be that they were full of it the whole time? (answer: yes)
"Internet of Things" is the current hotness. Few people realize what a security disaster this is going to be. If Mattel, a well funded, well established company can screw up so badly, just imagine what all the under-funded rushed kickstarted projects are going to be like. Then imagine the company that originally released the product is bankrupt a year later and nobody is issuing security patches. And all the clueless users installing these all over. I think this will be worse than even Windows XP ever was.
Just as I posted about this kind of stuff, Target has another breach. You'd think they'd have learned by now.
Addressing the idiocy and ignorance of officials asking for an "encryption backdoor" in the name of security. It's like telling the bank to leave a copy of the key to the vault under the welcome mat.
Nice explanation of one of the most common hacking techniques.
Few people understand computer security, and that's ok because it's complicated. It's not ok when said people are making laws related to it. This article explains why some of the things that government agencies want are neither feasible nor a good idea.
This goes to show how vulnerable we are to a hack by a dedicated attacker.
Computer security is hard to do. Just look at what a disaster it was for MS in the pre-Win7 era, and they are a software company! You cannot just add security to a system as an afterthought, it needs to be something that permeates the design. The problem is that it is hard and time consuming (though expensive) to do right, and it doesn't get reflected in the bottom line until disaster strikes. Then it's too late.
"Techies" criticize the closed App Store ecosystem that the iPhone pioneered, but they forget just how awful the alternative is for regular users. This article can serve as a reminder of what a cesspool Windows can be.
Who's the genius executive in Gogo that thought this was a good idea?
Hacking a large corporation is easier than most people think. The weakest link tends to be the non-technical humans.
EFF is going to start providing free TLS encryption certificates. This is great.
Law enforcement officials and even a Washington Post editorial are criticizing Apple's use of full encryption in iOS 8 and forward where not even they can break it. This is good for privacy and all these people are doing is spreading FUD or displaying incredible levels of ignorance (or both).
Added this to my RSS reader. In light of everything happening lately, should be an interesting thing to follow: "A critical, campaigning column on vital issues of civil rights, freedom of information and justice – and their enemies, from the award-winning journalist, former constitutional litigator and author of three New York Times bestsellers."
So this unofficial app is available for Android. It allows you to use Apple's iMessage service. Cool, right? It's a security disaster: A user installs it, and types in their Apple ID account information. This goes to a server in China which stores it and spoofs (fakes) an iMac connected to iMessage using the credentials. So it allegedly works. But you are giving your Apple ID password to an unknown entity in China. Your Apple ID is very likely tied to an iTunes account, which is very likely tied to your credit card. Oh, and this app can also install any software on your phone without your permission. Google and Android do nothing to protect the average user. Yet the average user is not a computer security expert with perfect judgement. This is where Apple's App Store rules and tight security shine through. They protect the average user from their own ignorance. And that's a good thing because not all users can be expected to be experts before getting a smartphone.
Clever: botnet of fast servers rather than puny little PCs. No signs that The MKX® is under attack, and I'm not really worried that my password can be cracked (1Password FTW!). But interesting nonetheless.
Friends don't let friends use their browser's password autosave, because it's trivial for anyone to recover it. See also: http://www.hongkiat.com/blog/how-to-retrieve-passwords-from-asterisks/
Excellent, detailed, slightly technical, highly scary article on password hacking.