Category Archives: Security

In case you still think banks know what they are doing

Working with Weboob has confirmed my suspicions that banks’ IT departments are clueless (at least the French ones). It’s not only that they have terrible websites with snake-oil security (i.e. keypads are easily logged; they only bother regular users). It’s that their approach to security is from another world. When I was working with a […]

New GPG key

I have set up a new OpenPGP key, to benefit from better security settings and better storage practices of mine, and will be transitioning away from my old one. The old key is not compromised in any way. The old key will continue to be valid for some time, but I prefer all future correspondence […]

Security of remote servers

Here is another example of bad randomness practices that lead to pretty serious issues (something like $15000 stolen). The interesting part, besides the bad programming practice of writing your own random function, is that the vulnerability is outside of the server. In a way, it’s similar to the “physical access” vulnerability. And even if your […]
