Throwing Fire is a blog about security and social engineering.
17 Sep 2014 » Beware of "Read-Only Bank Access"
Many services encourage you to connect your online banking accounts in a "secure and read-only manner," but these assurances are deceptive.
13 Sep 2012 » Gambling with Secrets: an Introduction to Cryptography
A very approachable miniseries on the history of cryptography, random number generation, key exchange, asymmetric encryption, cryptanalysis and why the Allied Forces broke the Nazis' Enigma machine.
14 Aug 2012 » The Secure Remote Password Protocol Isn't Bad
Blizzard Entertainment has been receiving a lot of flak recently for using the Secure Remote Password protocol. That criticism is wrong.
07 Aug 2012 » Implementing Two-Factor Authentication Is Easier Than It Seems
Perhaps the most effective complement to passwords is two-factor authentication, and it's surprisingly easy to use and implement. Here's an example.
07 Jun 2012 » The History of Password Security
A summary of how password authentication and security functions have evolved since the 1970s, and an interesting look at concepts like salting which were used way before you'd probably expect.
06 Jun 2012 » Storing Passwords Securely
Why "SHA 256-bits enterprise-grade password encryption" is only slightly better than storing passwords in plain text, and better ways to do it.
19 Apr 2012 » What's Old Is New Again
A new security vulnerability in OpenSSL turns out to have been included in a book about finding security vulnerabilities, 6 years ago!
22 May 2011 » Security Through Obscurity
Why I think the increasingly popular 'That's not security. That's obscurity.' attitude is unhelpful.
08 May 2011 » LastPass Disclosure Shows Why We Can't Have Nice Things
Response to the media's hysteria surrounding LastPass' responsible security warning.