Here we go again…

It seems like just the other day when I had to change a whole bunch of my passwords thanks to LinkedIn having its password database stolen by crackers, and now I’m having to do it again. This time it was Twitter that dropped the ball, but I am at least grateful that they’ve publicised the […]

Marcus Povey

Squid Reverse Proxy security gotchas

Yesterday, there was a thread on Hacker News highlighting that many sites around the world were making available potentially sensitive information about their site via Apache’s server-status link (provided by mod_status). The stated advice is to limit access to this and similar pages (such as the server info page provided by mod_info) by using Allow/Deny […]

Marcus Povey

Seriously, we need to get rid of passwords

It is the second time in as many days that I’m having to log into things and change passwords because of some less-than-smart design decisions various web companies made when implementing their password database (looking at you LinkedIn and Last.FM). While these companies have clearly made a dangerous snafu, let’s not be overly harsh […]

Marcus Povey
