clickjane.css: A CSS User Style Sheet to Help Detect and Avoid Clickjacking Attacks

Clickjacking or, more formally, user interface redressing, is a class of security vulnerabilities similar to phishing scams. The technique uses web standards to trick unsuspecting victims into performing actions they were not intending to. Clickjacking does not rely on bugs in any software. Instead, the technique is simply an abuse of the growing graphical capabilities …

SECURITY FAIL: Workamajig.com encourages users to email cleartext passwords

Creative agency management tool company Workamajig.com is a sizable operation with an international client base. Their product used to be called “Creative Manager Pro” which I can only assume they changed because it wasn’t actually creative enough. Anyway, it turns out that Workamajig has what is without doubt the absolute worst error message I can …

One Minute Mac Tip: Create an encrypted disk image to store confidential files

Nary a day goes by when I don’t use my computer for some extremely personal stuff. I would consider it a Very Bad Thing if some of this information (my bank account details or private SSH keys, for instance) fell out of my control. Everyone has sensitive files that they keep on their computer and, …

YubiKey and OpenID: Two great tastes that taste better together

In some communities, this is sort of old news, however I’ve recently become aware of an exciting and affordable security product called the YubiKey, manufactured by Yubico. The YubiKey is a $35 USD one-time password second-factor authentication token that uses 128-bit AES encryption to provide identity verification. That’s a mouthful, but what it really means …

One Minute Mac Tip: Securely erase files from the command line

Security provisions are one of those “things” that Mac users have been snooty about—for good reason—for decades. However, I’d dare say that, even though the UNIX architecture of the underpinnings of Mac OS X is much more secure than most other popular operating systems (cough, Windows, cough), many of the security benefits that Mac users …

One Minute Mac Tip: Use Mac OS X’s Keychain to Store, Recover, and Sync All Your Passwords From One Place

Since Mac OS X 10.2 Jaguar, Mac users have been accustomed to the ease of use of Apple’s very cool Keychain Services technology. The Mac OS X Keychain is basically a secure database of all your passwords, sorted into files called (unsurprisingly enough) “keychains.” Each user account on a Mac OS X system has a login.keychain, …

The 10 Geekiest Leopard Features I Will Probably Love

This is already horribly old news, and by old I mean several days ago since that’s about as fast as it takes technology news to grow old, but Apple is releasing Mac OS X 10.5 “Leopard” at the end of this month. Apple is calling this release a “major upgrade,” and indeed Apple has rarely …

The Simplest Personal Email Spam Solution EVER!

I have the simplest personal email spam solution in the world. I use Apple’s Address Book and, in it, I keep all the email addresses I ever want to get mail from. In Apple’s Mail program, I simply tell it that email from an address in my address book is exempt from being treated as …