I’ve been mulling this one over for a while. And honestly, after a post to an internal global mail list at work putting forward my ideas, I’ve come to realise there are at least two camps in information security: Those who aim via various usual suspects to protect things Those who aim via various often… Read More


A colleague of mine just received one of those awful marketing calls where the vendor rings *you* and demands your personal information “for privacy reasons” before continuing with the phone call. *Click* As a consumer, you must hang up to avoid being scammed. End of story. No exceptions. Even if the business has a relationship… Read More


Everything now works.   The quick version is: Create a new Fedora 18 VM Do not use “Easy install” Disable 3D acceleration in the VM settings (Command-E) prior to starting the install, otherwise you get a spinning idle cursor and no action upon first boot Install as you see fit. I use a 64 bit… Read More


I have taken the step of finally splitting the cut-n-paste import from my blog at Advogato into the days they actually occurred. All that content was here previously, but in some cases bunched together over many thousands of lines in single massive multi-month postings. Some early permalinks are gone, but that’s okay, you can search… Read More


This post is not in Latin, but essentially a call to the Information Security industry to end policies based upon¬†argumentum ad antiquitatem, which includes: Password change, complexity and length policies and standards that simply don’t make sense in the light of research and tools that show that we can crack ALL passwords in a reasonable… Read More


So in a fit of security through obscurity, I renamed my WordPress database tables and promptly broke WordPress with a highly informative “You do not have sufficient permissions to access this page.” error message when accessing wp-admin. Changing the prefix is easiest done with a new installation, but my installation dates from the very first… Read More