IJIS plaintext offender

I am always pissed off when I discover that a site I use is a plaintext offender. Well, if they are mom and pop establishments that do not deal with money or personal data, I might exhibit a wee bit of tolerance. However, large cooperations have no excuse especially since salting and hashing is ...

Information Leakage

Piazza is a learning management system that allows students to post questions which are then answered by fellow students or the lecturer. One of the features of Piazza is anonymous posting where students can choose not to reveal their names. Unfortunately, correlations can be made through ...

Uber's github slip up

Background : Uber or one of its contractors uploaded a security key to a public github gist. Malicious actors were able to use the key to access the database and made away with personal details of 50,000 Uber drivers. Article here. This is one of those pesky little problems with version ...

Online text binning tool

I was doing my crypto homework and found that there was no text binning tool available online. Hence, I decided to write my own. A text binning tool is useful for: Encryption using a rail cipher Cryptanalysis of a vigenere cipher after you know the key length - useful to separate each bin so ...

Public Private Partnerships in Cybersecurity

Living in DC has accorded me a number of privileges. Chief among them is the proximity to government offices as well as many NGOs. I am literally walking distance away from their offices. As a result, I have attended a number of press conferences and panel discussions led by current and former ...

On Physical Authentication

Recently, I moved into a new environment and had the opportunity to witness a number of processes. This experience further reinforced in me the importance of policies over technical measures. Physical authentication is simple compared to its online equivalent. For a small sized population, we ...