There was an article recently based on a 2010 study that suggested that frequent password changes actually negatively impact security.

I agree with the article but feel that some of the commentary could be a little more nuanced. The thrust of the article is that forcing regular password changes irritates …

One of the security tenants that I live by is Kerckhoffs's principle.

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

-- Auguste Kerckhoffs, 1883

It's beautiful in it's simplicity and yet counter intuitive.

It's a beguiling myth that if you want to …

I've got a ThinkPad X220 and I've been a bit lax about patching the UEFI/BIOS. But recently this SMM "Incursion" Attack has been getting a bit of publicity and it's spurred me to try to patch it. It's worth noting that this bug is not specific to Lenovo, but …

I recently switched my laptop over from Debian Stretch to Arch Linux.

Debian is still my go to distribution for any server, but I felt like I was in a bit of a no man's land with my laptop. Debian stable (currently Jessie) is rock solid and reliable but I …

Let's Encrypt has been shaking things up in the Certification Authority world. Let's Encrypt certificates are free, automated and easy to install. They have been gaining market share like crazy. Some CA's have reacted to their loss of market share in interesting ways.

Let's Encrypt are not perfict, but they …