My musings on security

IPv6 Security and those damned dirty NATs

Saturday, February 6, 2010 by darco

With less than 10% of IPv4 addresses remaining unallocated, IPv6 has been getting a lot of attention lately. As such, hardware vendors and ISPs (like Comcast) are now starting to figure out how best to deploy IPv6 connectivity to residential customers.

IPv6 would effectively make the use of IP masquerading (a form of Network Address Translation used in practically all residential gateway routers) unnecessary. Unfortunately, the current ubiquity of IP masquerading has caused vendors and ISPs to be suspicious of allowing proper end-to-end connectivity to residential customers. I have even heard that some are even considering using the same IP masquerading mechanism for IPv6—for security reasons!

This would be a very bad thing for the future of the IPv6 internet, so I wanted to elaborate on the motivations people have for doing this and ways that it can be avoided altogether.


Website Security

Wednesday, August 16, 2006 by darco

I've learned quite a bit over the past year or so that I've been developing darcness, but one lesson stands out above all others: It is just staggering how many ways there are to compromise the security of a dynamic website.

Making a website secure is a surprisingly non-trivial task that requires plenty of thought and discipline. What makes it worse is that it is all too easy to create gaping security holes without realizing it.


MySpace (is evil)

Thursday, July 20, 2006 by darco

If you are around me often enough to hear my various pontifications, then you are no doubt already aware of my opinion regarding the excruciatingly popular social networking site MySpace. Today, I found the following bit of news from the washingtonpost.com:

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Wow. In Tom we trust.

UPDATE: (Oct 2011) It turns out that Tom is a pretty cool guy, and has quite a following on Google Plus of all places. Totally worth following the guy.

The MacOS X Keychain

Sunday, January 1, 2006 by darco


The "Keychain Access" application that comes with MacOS X is one of the most useful tools that come with Macintosh computers, but it is also one of the most neglected. If you are a Mac user and don't know what this tool is or how to use it, read on.
