Menu

Fido Shootout - Too Lazy to Count Edition

I have loved Hardware based security for a Fucking eternity, and so I accumulated quite a few different Devices (for the rest of this article, "key" generally refers to the cryptographic keys to avoid confusion) over the years.so now I am going to compare them.

Webauthn's userVerification:preferred and its Pitfalls

Webauthn is a beauty. A relatively easy to implement way to allow users a secure 2-Factor experience. (easy enough that I could re-create my Webauthn Sandbox after losing it in my migration, FUN! Well, sarcasm aside, there are a few things I dont like with it, and one of them is the default state of the userVerification Flag. For anyone who isnt all-aware in Webauthn and stuff: more modern Fido2 devices are generally capable of a feature called userVerification, in ...

Pending Updates to Fido Shootout (Jan14 Edition)

So, I have a few things to update, but since writing it out in the middle in the night isnt awesome I'm just jotting them down, so I can get the news and corrections out as soon as Possible, and put them into the proper Article Later. 3 New Devices to Add Somu basically Solo in small 50 RKs stated and tested Updated Blue Yubi Yubikey-like thing with only FIDO things on, also the individual one I got being on ...

1Password joins the Dark Side (step 3)...

(I actually wanted to write about this in 2017 but I kinda forgot the draft, lol) Oh yeah, Password Managers, something I both love and hate at the same time, they can help with Security, but at the same time totally and completely destroy it, and the widely known Password Manager 1Password by AgileBits went on and annihililated customer trust. (and of course, I am going to need a Thesaurus, yet again -.- )

My1's Crazy Tech Ideas #01: Integrity header for proxies

Hi everyone, it's me again (not as if there would be many other options) I rather often have some pretty crazy Ideas and I kinda want to preserve them and also hear what the people think about them and maybe someone picks them up if they are good. so let's start with the first Idea of my set. Many people probably have heard of middleboxes or company-proxies and other similar things which attempt to "legitimately" play a Man in the ...

Quick Rant: Hosters and Updates [Update]

Hi it's me again. PHP7.2 Released today and I went around to do a quick check of some webhosters to see who can offer it, and well it is abysmal as always. We start off with the big German Hoster Strato which offers PHP 7.1, so far so normal, but they have a "newest version" label right next to it. Their excuse? well testing of course, but the even worse thing was the anser regarding the "newest version label". PHP ...

Steganos Privacy Suite 19 is a Joke

Let's be honest, I like ranting, but unlike others, I dont like to rant without at least having a point. And the point of this rant is Steganos' new Update of it's Privacy Suite and it has some neat features like converting Partitions on your drive into safes, but there's one of these which is the biggest joke I have seen in a long time. 2 Factor Authentication! 2FA isnt a bad thing in general, after all I have put ...

My1s TechTuts #1: Secure Authentication

With this Blog finally finished moving to it's new .tech domain (announcement later) it's time to write some techy stuff. So I think I'll be doing some tutorials. And the first one is about somethink I like, I use and I like using. Secure Authentication!

Nintendo Finally does PayPal!

One thing I have been seriously waiting for quite a while (especially since the debut of the Region-Free Switch) is the option of just paying via Paypal. Until now nintendo only supported Credit Cards and their Prepaid codecards, which are also common for gifting someone stuff more easily. the problem is that in more than enough places in this world, creditcards arent really common, also always having to get to some store to get your codecards is annoying, and to ...

Fun with Primeauth? Not really :-(

Hi again. Remember when I wrote about Primeauth the pretty promising and intresting authentication service? Well, to be honest, my trust in them dropped a bit. What happened? Well, let's start from the beginning.