Throwing Fire is a blog about security and social engineering.
13 Sep 2012 » Gambling with Secrets: an Introduction to Cryptography
A very approachable miniseries on the history of cryptography, random number generation, key exchange, asymmetric encryption, cryptanalysis and why the Allied Forces broke the Nazis' Enigma machine.
14 Aug 2012 » The Secure Remote Password Protocol Isn't Bad
Blizzard Entertainment has been receiving a lot of flak recently for using the Secure Remote Password protocol. That's wrong.
07 Jun 2012 » The History of Password Security
A summary of how password authentication and security functions have evolved since the 1970s, and an interesting look at concepts like salting, which were used way before you'd probably expect.
06 Jun 2012 » Storing Passwords Securely
Why "SHA 256-bits enterprise-grade password encryption" is only slightly better than storing passwords in plain text, and better ways to do it.
19 Apr 2012 » What's Old Is New Again
A new security vulnerability in OpenSSL turns out to have been included in a book about finding security vulnerabilities, 6 years ago!
22 May 2011 » Security Through Obscurity
Why I think the increasingly popular 'That's not security. That's obscurity.' attitude is unhelpful.
07 May 2011 » Exploring a Simple Yet Effective Web Server Botnet
A look into the workings of a malicious PHP script used to take control of poorly configured web servers including Apache, IIS and Xitami.