RAID is not backup

A number of friends have recently sought my advice on NAS and RAID solutions for storing their personal data. I do not usually give brand recommendations but I will discuss the technology involved. I have never used RAID nor found a need for it, this is because RAID (Redundant Array of ...

The Golden Key - TSA Locks and Encryption

Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that it is not that big of a deal because Valuables go in hand carry, clothes go in luggage. Few people ...

Verifying JS Integrity

Yesterday, a CDN was hacked and malicious JS was served to a number of domains. Most websites make use of CDNs to serve up JS so as to reduce page load time. How do we protect ourselves from such attacks? I posed a similar question on Sec.SE some time back. Subresource Integrity is a new ...

Negative space

Sometimes, the lack of information is valuable information. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the US Embassy in Beijing as a precautionary measure following the breach — precisely because their names ...

Hacking Dropbox Space Race (NUS Style)

Disclaimer This post is for educational purposes only. If you succeed in getting NUS banned from future Dropbox space races, you will singlehandedly incur the wrath of all current and future NUS students. Honestly, I couldn't care less. In 2012, students from MIT hacked dropbox space race by ...

First Cyberinsurance claim?

I first came across the term cyberinsurance earlier this year while attending an information session in DC. At that point, it was suggested that there needs to be a benchmark that takes into account the cyber risks that companies are facing, for it to be feasible for insurance companies to ...