Information

by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how given how easily the devices can be hidden in luggage, stuffed into the upholstery of a…

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut There are several tools or software applications that enable us to stay connected with our fellow teammates even during gameplay, with the best of them having a low impact on our network connection while allowing important elements like tap-to-talk or messaging capabilities. Discord is one of the online services…

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization When engineer Bill Burr from the U.S. National Institute of Standards and Technology (NIST) wrote in 2003 what would soon become the world’s gold standard for password security, he advised people and organizations to protect their accounts by inventing long and ‘chaotic’ lines of characters, numbers, and…

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers Managed service providers (MSPs) that don’t consider themselves targets for state-aligned threat actors may need to think again. While many people may associate advanced persistent threat (APT) groups with cyberespionage targeting only state agencies and large corporations, the fact is that…

by Paul Ducklin World Password Day is always hard to write tips for, because the primary advice you’ll hear has been the same for many years. That’s because the “passwordless future” that we’ve all been promised is still some time away, even if some services already support it. Simply put, we’re stuck with the old, while at the same time preparing for the new. That’s why we’ve come up with four tips for 2023, but…

by Paul Ducklin We’ve written about PHP’s Packagist ecosystem before. Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they’ve created. This makes it easy for fellow PHP coders to get hold of library code they want to use in their own projects, and to keep that code up to date automatically if they wish.…