samuco renames “passworded folders” to “secret folders”, still not secure, now for pay


June 1st, 2008

That must be the longest title I have ever written. It also pretty much sums up the affair. Passworded Folders is now listed as Secret Folders on the Samuco website and goes for $7.50 per license. The only change I am seeing is the location of the ‘secret’ folder, now in “~/Documents/”, though absolutely no improvements whatsoever insofar as security have happened. It is almost a scam, though as far as application descriptions go I am sure the developer(s) can claim it was misinterpreted. So this, here, is your reinterpretation. Waste of money and a false sense of security.


making twitterrific secure


May 20th, 2008

As I have found out today, Twitterrific’s default behaviour is to use base64 encoding for logging into Twitter. Now, you may or may not care about that, but it is very insecure and it makes it relatively trivial for someone to grab your username and password. Here is an easy way to make it safer.
«Continue Reading»


“passworded folders” app for mac os x - snakeoil


April 13th, 2008

The only reason I’m writing about this comes from the fact that the application caught my eye in the RSS stream from Apple’s downloads site. Just a friendly warning about the ‘security’ of the application.

«Continue Reading»


starting today, hackd is PCI certified


April 1st, 2008

So feel free to entrust me with your CCs, they are heavily guarded against malicious users. They are properly encrypted with 2049-bit strength encryption in my fortified data centre. Doors to server rooms are magnetically shielded so that if anybody tries to walk out with hard drives, they get wiped with the 35-pass Gutmann algorithm. There are armed guards with orders to shoot anyone on sight. Trust me, your docs are safe with me.

Enter CC information below




apple soapbox; pwn2own


April 1st, 2008

If you keep informed of the movements that are going on in the computer security world, you would know that this week Vancouver was host to the CanSecWest Security Conference. Last year, CSW organizers had “Hack a Mac”, whereby owning their testlab Mac made it yours – plus a nice cash prize.

To take things further, this year the contest was extended to one representative of each of the major platforms: a MacBook Air, a Vista and an Ubuntu Linux. The MBA was first to fall, and while I tried to keep off comments about it… I can’t.

«Continue Reading»


second life terrorism


February 7th, 2008

Oh, the irony:

[Image: Slashdot article shot]

On the other hand: what difference does it make? Is it easier to track bot herders in IRC rooms? Or communications in encrypted e-mails? I’m not convinced… [1]

  1. and you know I’m not too crazy about Second Life

truecrypt 5


February 5th, 2008

Well, as it is fitting, I’ve spent dinner eating and playing with TrueCrypt 5… coding theory can wait a few minutes longer =) So here’s my first 30 minutes with TC for Mac [1]

«Continue Reading»

  1. I’m focused on the Mac version because the others have been around for some time now

truecrypt for mac os x released


February 5th, 2008

One day later than originally mentioned, the TrueCrypt Mac OS X port has been released, as well as updates for all the other versions. This is TrueCrypt v5, long awaited by terrorists, hacktivists, human rights activists, the oppressed and the paranoid for about 8 months or so. Since I’m currently wrestling my way through coding theory problems, I will get back to you with some thoughts on the port later on. But if you’re adventurous yourself, check it out at http://www.truecrypt.org/downloads.php


passcode your iphone


January 24th, 2008


While it may be a bit of a nuisance to enter it as often as you unlock the device, the iPhone passcode might become more than just a guard against the prying eyes of one’s curious-for-gossip friends - lately, there seems to be indication that sooner or later policemen may be able to simply take a look in your smartphones and similar devices if they so deem appropriate. As Ars Technica puts it:

«Continue Reading»


bittorrent DoS problems = busy night for the RIAA


January 17th, 2008

Since news hit the wire today that some versions of µTorrent and the official BitTorrent clients are vulnerable to DoS attacks, I’m sure the RIAA and their lackeys have launched a massive campaign to try and turn off users’ clients, even if only for a little while. Since many people run seedboxes, this could pose a problem.

This could pose a problem in the long run, too. Am I the only one to believe the RIAA will eventually start trying to corrupt trackers and/or clients? Since they seem to be losing legal battles, at some point they might decide it’s more effective to find vulnerabilities and other problems and so disrupt the usage of p2p software altogether.

