Sunday, February 27, 2011

If you run Firefox, install HTTPS Everywhere now

I'll do a post later about session hijacking, Firesheep and the evils of non-HTTPS websites. In the meantime, if you use Firefox, be sure to run the HTTPS Everywhere extension. Without HTTPS Everywhere I would be concerned about accessing my accounts on a public wifi network. HTTPS Everywhere forces the browser to use https when accessing any website that supports both http and https.
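How an extension of this kind can decide which requests to move to https, as an added JavaScript example (not code from this post or from the HTTPS Everywhere project): a simplified rule list modeled on the extension's rulesets, with constructed host names and hypothetical helpers `hostMatches` and `upgradeUrl`. In this model a host with no rule stays on plain http, which is why the protection only covers sites known to support https.

```javascript
// Simplified model of rule-based https upgrading (added illustration).
// Rule list and host names are constructed sample data.
const RULESETS = [
  {
    name: "Example Shop",
    targets: ["example.com", "*.example.com"],
    // URLs matching an exclusion are left alone.
    exclusions: [/^http:\/\/static\.example\.com\/legacy\//],
    rules: [{ from: /^http:/, to: "https:" }],
  },
  {
    name: "Example Mail",
    targets: ["mail.example.org"],
    exclusions: [],
    // A rule can also point at the host that actually serves https.
    rules: [{ from: /^http:\/\/mail\.example\.org\//, to: "https://secure.example.org/" }],
  },
];

// "*.example.com" matches subdomains only; the leading dot is kept in the
// suffix so that "evilexample.com" does not match.
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Hypothetical helper: returns the URL to request and the reason for the decision.
function upgradeUrl(rawUrl, rulesets = RULESETS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, upgraded: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:") return { url: rawUrl, upgraded: false, reason: "not-http" };
  const normalized = url.href; // scheme and host are lower-cased by the parser
  for (const set of rulesets) {
    if (!set.targets.some((t) => hostMatches(t, url.hostname))) continue;
    if (set.exclusions.some((re) => re.test(normalized))) {
      return { url: rawUrl, upgraded: false, reason: "excluded" };
    }
    for (const rule of set.rules) {
      const rewritten = normalized.replace(rule.from, rule.to);
      if (rewritten !== normalized) return { url: rewritten, upgraded: true, reason: set.name };
    }
  }
  // No rule covers this host, so the request stays on plain http.
  return { url: rawUrl, upgraded: false, reason: "no-rule" };
}
```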

(By the way, if you have a security question, or a question on any of the topics I cover on my blog, leave a comment and I’ll be happy to do a post answering your questions.)

Saturday, February 12, 2011

The 3 A's of security when buying a coffee

The three A's of security are authorization, authentication and auditing. While these A's apply to computer security, they are also present in most transactions. For example, let's look at what happens when Igor wants to buy a coffee:



When Igor goes to buy a coffee with his credit card, the cashier starts by asking Igor for a picture ID, then swipes Igor's card (which dials the head office to make sure there is money), and finally a receipt is printed. After all that, Igor gets his coffee. Let's look at the 3 A's in this transaction:

  • Authentication - Prove the entity is the entity - Ensure Igor is Igor by making sure the picture on his driver's license matches his face.

  • Authorization - Prove an entity is allowed to do something - Ensure Igor is allowed to place a $5 charge on his credit card.

  • Auditing - Record what has occurred - Write down that a coffee was purchased.




Authentication, Authorization, and Auditing in the coffee shop