Default Credentials Considered Harmful

October 1, 2016 | Eric Rand
Eric Rand

He is currently working for Castra Consulting.

The use of default credentials by vendors is an outdated, dangerous throwback to 20th century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH - these botnets only exist…

March 9, 2016 | Eric Rand

Shadyware - Fuzzy and Grey like a Cat, not a PUP

I’d like to pose a question: What's the difference between malware and legitimate software? Just as malware is often purported to be legitimate software, legitimate software sometimes uses unethical marketing and operating practices. I term this “Shadyware.” It is marketed as useful software, which it may be in part, but it also contains annoying or harmful functionality that negatively…

November 23, 2015 | Eric Rand

Password Paste Prevention: Security Friend or Foe?

Every few days on 'Infosec Twitter', I come across another example of a site that breaks password manager functionality by disabling the ability to paste into the password field. Generally, customer service representatives for those sites will vaguely explain that this is being done for "security reasons" - despite the fact that current best practices recommend the very password managers…

November 17, 2015 | Eric Rand

Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers

Ultrasound is supposed to be our friend. However, the security world was made aware last week of a technology being used by an outfit named "SilverPush" that is utilizing a new and unusual method for tracking mobile phone users with ultrasound signals. The basic story is that the company is embedding a tracking beacon in advertisement audio using ultrasound frequencies…

October 14, 2015 | Eric Rand

AdBlocking and Adblocker Blocking

Most people are familiar with the notion of an adblocker. It's pretty much what it says on the label: a program that blocks ads from showing. They may not, however, be entirely familiar with how adblockers work or what the best kind of adblocker for their use might be. Likewise, people are starting to become aware of sites trying…

September 21, 2015 | Eric Rand

The Ethics of Adblocking

Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads - they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, ads can often become downright…