Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team?

A nuanced answer to the obvious question in response to Patreon firing an entire Security Team in 2022.

The Furry Fandom Vulnerability

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Update (2021-01-09): There’s a newer blog post that covers different CloudFlare deanonymization techniques (with a real world case study). Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by […]


Fraudulent Apps on the Google Play Store: COVID-19 Contact Tracing Edition

Cryptographers around the world are still designing privacy-preserving contact tracing systems for combating the spread of COVID-19. Even though some papers have been published (one using zero-knowledge proofs, another based on blockchain (sigh)), the ink is still very wet. The first framework designed by Apple and Google needs work but was surprisingly not god-awful. That […]

Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]