Saul Johnson (@lambdacasserole)
He/him. Opinions my own. 🇬🇧🇮🇪
United Kingdom. Joined October 2012.
Followers: 121. Following: 549. Media: 10. Statuses: 264.
"Password expiration requirements do more harm than good, because these requirements make users select predictable passwords." Thank you, Microsoft. NIST agrees. Everyone who attacks password auth agrees. Can we get compliance to update their requirements? https://t.co/8nZszqKUBC
learn.microsoft.com
Make your organization more secure against password attacks, and ban common passwords and enable risk-based multifactor authentication.
https://t.co/pM72cKxlll is back up and generating molecular wallpapers again after months of downtime. Sorry about that, life got a bit crazy.
While this might have nothing to do with the latest "sophisticated cyberattack" that you came under @easyJet, I sent you an e-mail and several DMs about this and absolutely nothing was done. I can't help but wonder, were there similar warnings this time?
Sign in link up top there too, for anyone to fiddle with that happens to be sitting between the user and your server. Honestly really frustrating. @troyhunt wrote on this all the way back in 2017.
troyhunt.com
Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine..." The latest such event was with NatWest [http://personal.natwes...
When you inevitably announce that you take customer security "extremely seriously" in response to this latest "sophisticated cyberattack" do you mean seriously enough to not ask for surnames and booking numbers on a form served over an unsecured connection?
WHAT THE SHIT. Seriously, I didn't realise the utter amazingness of this on the day when Marek sent it. If you use their new auth scheme, you cannot have the same PIN as another user. Duhhhhhhhhhh. Share widely!
If you follow me and don't yet follow @cybergibbons you should definitely do so. Consistently awesome stuff.
hate to post about personal stuff but tl;dr i had to kick a friend out of my life tonite bc they were not respecting boundaries & i felt unsafe around them. idk who needs to hear this, but i think its usually the right thing to do even if u feel like a crappy person for doing it.
Me, a password security researcher, hiding under the bed: Armed robber: . Me: . Armed robber: . Me: . Armed robber: Enforce password length over password complexity. Me: ACTUALLY THERE IS NO IDEAL PASSWORD POLICY IN ALL ENVIRONMENTS, THREAT MODELLING IS ESSENTIA- oops...
Me, a web developer, hiding under the bed: Armed robber: . Me: . Armed robber: . Me: . Armed robber: why call it serverless when there are obviously still servers Me: YOU THINK YOU’RE SO CLEVER. DON’T DISCOUNT A VERY REAL PARADIGM SHIFT BEC oh shit https://t.co/r2t2Qkdiou
I don't blog much, but in light of the recent @virginmedia tweet about *printing out passwords and popping them in the post* (still can't believe I'm typing that) I thought I'd post this here:
Absolutely wild that you store passwords unhashed, then *print them on a piece of paper* and put them in the mail. This can't be real.
@_Freakyclown_ Posting it to you is secure, as it's illegal to open someone else's mail. ^JGS
Go to check my account balance on my phone, get nervous, hands get clammy, fingerprint not recognised, calm down a bit, go to check my account balance on my phone, get nervous...
Can't wait for a cryptocurrency with the ethics of Uber, the censorship resistance of Paypal, and the centralization of Visa, all tied together under the proven privacy of Facebook.
JUST IN: Facebook has reportedly lined up Uber, PayPal, Visa and others to invest $10 million each in the consortium governing its secretive crypto project. https://t.co/lFstb664LO
@nikhileshde writes
Really enjoyed delivering my talk at @OfficialTDFCon on malicious JavaScript encoded as zero-width whitespace characters! The blog post is up now:
This in no way makes any sense whatsoever @ServiceNSW
@FearbySoftware Hi Simon, it could present a vulnerability where malicious software or pages could repeatedly paste password guesses into the password box until they correctly find your password. Malicious software exists that can gain access & we take our customers' online security very seriously
Just had fun presenting on musical pattern discovery, fractals, and functional programming @NWDconf and nice catching up with @informusiccs #wiskunde #mathematics #outreach slides: https://t.co/XmvKXA8l0k