Blog

Is this password manager any good?

2 minute read

I’ve been asked this question countless times over the last couple decades, perhaps because I used to be responsible for cracking weak passwords for a compan...

Secure Communication Tools

less than 1 minute read

I often get asked which secure communication tools I recommend. I’m writing this as a condensed master list of previous articles I’ve written.

Canadian Privacy iAMA 5 years later

1 minute read

5 years ago, I pulled together some of Canada’s top privacy experts, and we did a Reddit “Ask us anything” (AuA) about the Canadian privacy landscape.

Requesting your personal data from a company

1 minute read

There are now several privacy laws (Canada – PIPEDA/PIPA, EU – GDPR, California – CCPA) that allow individuals to request their personal information.

Identity Theft in Canada

less than 1 minute read

I’m no longer associated with Canada’s ID Theft Support Centre, which ran out of funding years ago, but I still regularly get asked for help by victims. List...

Two-factor Authentication (2fa)

less than 1 minute read

In this audio clip I talk about the three factors of authentication, and some solutions you can use regarding 2fa to protect your accounts.

Changes to SimpleTax

1 minute read

If you’re using SimpleTax and follow this blog because you prioritize your privacy, you likely want to take the following steps immediately:

Digital Fingerprints

less than 1 minute read

As you likely know, especially if you’ve followed this blog over the years, most websites are collecting as much data about you as they can, and are using it...

Domain Registration

less than 1 minute read

I was looking for a list of privacy centric domain name registration systems, and as of writing this, I can only find one: Njalla. It was created by Peter Su...

Privacy tracking protection from your browser

2 minute read

I’ve written about privacy trackers for over 7 years on this blog, and have been speaking about them for over a decade. This is an updated article, as techno...

Are you ready for GDPR?

less than 1 minute read

Starting May 25th, if your company is a data processor or controller of anyone in the European Union, you’re obligated to comply with the EU’s strict new Gen...

How to protect against Meltdown and Spectre

1 minute read

The short, but intense solution for Meltdown and Spectre from CERT is to upgrade your CPU. (update: As you can see by this URL, they have a more detailed sol...

Privacy Centric Browsers

less than 1 minute read

I’m often asked which browser I use. Both Chrome and Firefox have a more privacy centric alternative now, Iridium Browser and Firefox Focus respectively. Of ...

Wifi as we know it can be compromised

2 minute read

[NOTE: Senior Advisor Kris Constable submitted this to HuffingtonPost, but due to the time zone differences and the severity of the issue, we have decided to...

Secure websites

1 minute read

I’m often asked about secure websites. For example, should you trust the connection with your computer and your bank’s website? The article is going to get a...

Asset Cataloging

1 minute read

I recommend you start asset cataloging before you have a vulnerability assessment done on your organization as you need to know what the assets are you’re tr...

Browser plugins for device protection

less than 1 minute read

These are the three browser plugins for device protection I recommend you install. The first one is arguably more important than anti-virus, and takes a whil...

Who can read your chat?

2 minute read

The next time you think you’re having a private online chat with a family member, you might want to think about who can read, watch, or log that conversation...

Integrated Case Management

2 minute read

For over four years, the BC Liberals have been working to build a monster database of all of our personal information. Instead of it being limited to one Min...

Next Lunch & Learn Topic: Does PIPA Apply to Me?

less than 1 minute read

If you own or operate a business in British Columbia or have a sole proprietorship and you wonder, “Does PIPA apply to me?,” this talk is for you. This con...

Facebook for Android

1 minute read

Have you ever really paid attention to what information an application is requesting? While I’m singling out Facebook and Android in this article, please thi...

What antivirus software do you recommend?

2 minute read

A local LinkedIn group has a discussion recommending a specific anti-virus software. That made me wonder, what antivirus software do you recommend, and why?

Portable Password Manager

less than 1 minute read

Today’s question comes from a former student, asking what I use for a portable password manager:

Password protect your cellphone

1 minute read

For most things privacy related in Canadian law, it comes down to what a judge feels Canadians think is reasonable. A couple of days ago the Ontario court of...

Happy Data Privacy Day 2013!

2 minute read

According to Wikipedia, the purpose of Data Privacy Day is to raise awareness and promote data privacy education. It is currently ‘celebrated’ in the United ...

spoof your MAC address

3 minute read

When you connect your computer to any network, there are typically two options for how it gives you an IP address – a static IP or a dynamic IP (DHCP). The c...

Change your default search engine

1 minute read

Most of us use a search engine such as Google or Yahoo daily without taking much time to consider the inherent privacy implications. If you have some time, ...

Keys to the city, New York City

1 minute read

There’s been a lot of buzz this month about the retired New Jersey locksmith selling several master keys to the city of New York to a newspaper reporter via ...

Canadian Patriot Act back as bill C-12

1 minute read

If you’ve followed this blog for some time, I first wrote about the introduction of the bill in May 2010, and then a follow up redux in August 2010 (a summar...

Anti-Virus for Macosx

less than 1 minute read

Because of Apple’s advertising, Mac users often (wrongly) believe that they don’t need anti-virus software. The problem that these users have is that when th...

Retroshare

less than 1 minute read

I had a lot of positive feedback from the recent post on Diaspora with client-side encryption. For those of you who are somewhat technically inclined, and li...

Are you vulnerable to the DNSChanger?

1 minute read

Wired is reporting that several hundred thousand people may be affected on Monday when the FBI turns off the domains used in the DNSChanger malware. Over 1/...

GNU Privacy Guard

1 minute read

Ever since PGP removed their open source client, GnuPG has been the standard in open source PKI. If you want to encrypt your emails and/or files on your comp...

Diaspora with client side encryption

less than 1 minute read

I’ve written about Diaspora before, a social network (Facebook replacement?) that is decentralized, and cares (more) about privacy. If you’re interested to l...

Free cloud storage

1 minute read

The cloud is a current buzzword in technology, referring to remote storage space on the internet. The big challenge with using free cloud storage, as a priva...

The browser tracker test

1 minute read

I’ve spoken about trackers before and recommended four steps/solutions for protecting your browsing privacy:

Opening your social network profile

less than 1 minute read

There have been a lot of stories about what happens when you reveal your social network profile, especially your geo-location information. Probably made famo...

Cover your webcam

less than 1 minute read

If someone hacks into your laptop/computer, and it has a webcam, they can turn it on whenever they’d like. This video, based on a true story, should ...

Anti-virus, are you doing it right?

1 minute read

Most of my clients are running anti-virus on their home and work computers, but are they using it right? There are 3 key steps to running anti-virus software...

Community-Based Reverse Engineering Class

less than 1 minute read

If you’re in the Victoria, British Columbia region, we’re going to start a community-based reverse engineering class, and you’re invited. Reverse Engineering...

No scripts!

1 minute read

One of the most common ways your computer gets compromised, is by malicious scripts opened by your web browser. This means you go to a website that might loo...

The Stop Online Piracy Act

1 minute read

If you’ve not heard of #SOPA yet, you likely will today. As of right now, it’s only something that techies and internet crusaders seem to be aware of. Like m...

Identity theft at UVic

1 minute read

Over the week-end, the University of Victoria’s new administrative building was broken into. A payroll server with the personally identifiable information (P...

How strong is your password?

2 minute read

While working in information security for the largest company in Canada, I realized there was no one internally, actively attacking the password database to ...

Using a non-tracker analytics service

less than 1 minute read

You’ve probably heard of Google analytics, which takes logs of your website visitors, and all of their activities, and provides you some very pretty, and use...

Google now offering secure search

less than 1 minute read

It’s not often we’ve given Google credit for privacy or security steps, but this week is one of them. Following the steps by Facebook and Twitter we announce...

Shared hosting back door

less than 1 minute read

Thanks to my friend Kevin McArthur for helping unveil this badboy, as it seems to be infecting quite a few machines. It appears that it was local machine att...

What info does Facebook have on me?

less than 1 minute read

After the F8 conference, there is even more concern than before about what personal information Facebook has on an individual. I was sent Facebook’s personal...

Facebook post F8

1 minute read

Right after the Facebook F8 keynote, a 15 year old noted he didn’t understand this new model Facebook was about to roll out. What might not be obvious, is th...

Upgrade your browser before you check your gmail

less than 1 minute read

There is a wildcard *google.com SSL certificate in the wild, which means malicious people can sit between you and anything at Google (including gmail) and pr...

Had your Twitter or Facebook hacked?

less than 1 minute read

If your friends ever tell you that they’ve received spam from your account, but you didn’t send it, likely your account was compromised. The following steps ...

Postmedia formatting hack

1 minute read

If you read any of the PostMedia (formerly CanWest) newspapers online, you know that their technical abilities are lacking, to say the least. One of the big...

LinkedIn to approve the closing of your account?

less than 1 minute read

After writing an article yesterday on how LinkedIn opts your name and photo into social advertising by default, it was brought to my attention today that if ...

Facebook just got all of your telephone contacts

less than 1 minute read

If you’ve installed a Facebook application on your smart phone/mobile phone, they’ve taken the liberty of synchronizing your personal telephone number list in...

I smell a RAT

1 minute read

Yesterday, Vanity Fair published an exclusive on operation Shady RAT (remote access tool), which was a high-level hacking campaign that lasted over 5 years, ...

Don’t trust that number!

2 minute read

I’m sure you’ve received an email spam from what appears to be a legitimate email address, saying you’re entitled to millions of dollars. You know that — tha...

sslsniff, there’s an app for that!

less than 1 minute read

Moxie Marlinspike just released an updated (10 years later!) version of sslsniff that includes the iOS BasicConstraints vulnerabilities that were published t...

Duck Duck Go

1 minute read

You’re likely using Google as your default search engine; and they’re undoubtedly good at search. The challenge to me is what are they doing with the inform...

Internet security just dropped a notch

1 minute read

I just read a tweet from Meredith L Patterson stating that Len Sassaman has committed suicide. I don’t know why, but at first I thought it only a silly inter...

Stop online spying in Canada

less than 1 minute read

You may remember a year ago I broke the story on the introduction of the minority government’s Canadian version of the patriot act (see articles one and two)...

Shaw’s decided to hijack their customer’s DNS

less than 1 minute read

When you go to a website that doesn’t exist, instead of your search engine of choice offering you other solutions, Shaw has decided to do this themselves, an...

Who’s pentesting your organization?

less than 1 minute read

Penetration testing, also known as pentesting, is a way of evaluating the security of your organization from the perspective of a malicious black hat hacker....

Using a secure connection where possible

less than 1 minute read

I received a lot of feedback after my post yesterday about creating a permanent SSL (https://) connection to Facebook. It’s most important to use SSL anywher...

Tech Tip: Secure connection to Facebook

less than 1 minute read

This tip is to create a permanent secure connection to Facebook. You can tell you’re using SSL if the URL starts with https:// instead of http://. When you’r...

Detect and block website trackers with Ghostery

less than 1 minute read

For anyone that attended the Privacy and Security talk tonight at Social Media Club – Victoria, I mentioned a browser plugin that allows you to see who is tr...

What the SSL?

4 minute read

One of the most serious attacks on internet infrastructure occurred a few days ago, and as the Canadian media don’t seem to want to report on it, I will, as ...

CanSecWest, a decade later and still growing

2 minute read

I just realized that my first time going to CanSecWest was while working as a security expert at Nortel, by far the largest company in the country at the tim...

Update on usage based billing (UBB)

less than 1 minute read

This image is getting a lot of attention. Today Michael Geist has released an article on Unpacking The Policy Issues Behind Bandwidth Caps & Usage Based ...

Canadian petition against usage based billing

1 minute read

As of writing this, I am one of over 180,000 Canadians that have signed the stop the meter campaign against usage based billing. There are several challenges...

30M accounts compromised at plentyoffish.com

less than 1 minute read

All kinds of breaking drama around the compromising of plentyoffish.com (POF), which includes the usernames and passwords for around 30 million people! Chris...

Where does Google’s censorship end?

1 minute read

It’s been well reported on Google’s kowtowing to the Chinese government in regards to censorship. This was based on the requests of a foreign government. How...

Why would Facebook turn your actions into an ad?

less than 1 minute read

Because they can. On Monday, Facebook released a [video](http://www.facebook.com/video/video.php?v=10100328087082670) that shows how their new *sponsored st...

A must have hosts file

1 minute read

My friend Dan Pollock has been compiling the must have hosts file for some time. According to Wikipedia, the hosts file is a computer file used in an operati...

Your printer is giving you up!

less than 1 minute read

Did you know that most printer manufacturers have secretly ensured there are watermarks on everything you print? These are tiny tracking dots barely visible ...

Ready to test your BCP?

1 minute read

Most large organizations make sure to do Business Continuity Planning (BCP), also known as Disaster Recovery Planning (DRP), because they understand the impor...

Ethical Hacking class

less than 1 minute read

If you are in the Suwon/Seoul area of Korea tomorrow, I will be teaching an Ethical Hacking class at no cost. Contact me at @PrivaSecTech on twitter for di...

Borrow your neighbour’s identity

1 minute read

If you have a wireless card in your laptop or netbook, you should see if it can be put into monitor mode/promiscuous mode. If so, this means you can “sniff p...

Your credit report

1 minute read

There are two credit bureaus in Canada, Equifax and Transunion (there was a 3rd, American company, but it appears to be defunct). Contrary to the prices list...

Technology Tip: Shopping

less than 1 minute read

This is a technology hint for those wanting to know if they’re getting a good deal. You can use this hint no matter what you’re buying. You could be looking ...

Canadian Patriot Act redux

2 minute read

The article posted in May on the Canadian Patriot Act being introduced to the House of Commons didn’t seem to go much further than “preaching to the choir”. ...

Apple’s updated privacy policy

less than 1 minute read

“To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the ...

Apple iphone vs Nokia E71

1 minute read

Traditional cellular phones are now known as feature phones, deprecated by the advanced “smart phone”, which allows one to install feature rich, operating sy...

Canadian Patriot Act introduced

1 minute read

Today a couple of changes to Canada’s privacy landscape were introduced under the infamous banner of “safety and security”. This will create significant chan...

Social networking, what’s next?

1 minute read

In 2008, I was in Ottawa, talking with one of our clients, CIPPIC. Specifically the executive director at the time, about Facebook. There was discussion that...

Free Email

1 minute read

“My email provider shut down my account, gave me a support ticket number, but I have no way to look it up” “Have you paid for your account?” “No, it’s a free...

Web server logs

2 minute read

If you’re looking at a web site in your web browser (Firefox, Internet Explorer etc), it is being served by a web server. According to Netcraft over 50% of w...

Email Encryption

less than 1 minute read

On our contact us page we mention OpenPGP standard encryption (RFC 4880). What is this? Most people think email only goes to the intended recipient, but inst...