Wednesday, July 06, 2011

Securing your passw^H^H^H^Hgp private key


I saw this article today by @DSchwartzberg at Sophos about Google indexing PGP private keys, easily found if you know what to search for. It reminded me that I had to finish this old blog post which has been waiting in line for some months now. Lets get straight to the point: How do you protect your GPG/PGP private key?

Monday, July 04, 2011

Passordsikkerhet fra MultiCase

men hvordan er sikkerheten?
Multicase AS er et selskap som leverer et komplett forretningssystem til en lang rekke bedrifter i Norge. En av mange moduler er en løsning for netthandel. Selskapet oppgir selv en rekke referansekunder på sine nettsider, blant annet Bergans, FotoVideo og NetShop. Flere kunder er lett å identifisere via GoogleSikkerheten rundt lagring og sending av passord i løsningen til Multicase er ikke i tråd med anbefalt god praksis. I ytterste konsekvens kan det få store konsekvenser for dem selv, deres kunder, og sluttbrukerne selv.

Friday, July 01, 2011

One Spam To Spam Them All!

This is a plain boring blog post. In fact, it's a blog post that in a perfect world would be completely unnecessary to write. In my world, this blog post is necessary in order to make Microsoft Exchange admins, as well as mailgateway/antispam operators and operations security people aware of a very simple, but highly important configuration issue in Microsoft Exchange.