Timing Attack on SQL Queries Through Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

(Anti-)Social Media Badness

A Balanced Response to Allen Gwinn

Responding to “Our cybersecurity ‘industry best practices’ keep allowing breaches”