It should be obvious, but everyone seems to be making the same mistake. HTTPS only works if you use it. Everywhere. If you don’t use HTTPS everywhere, a bad guy can intercept an insecure request and prevent the user from reaching your secure site. HSTS is a good start to mitigating the threat of accidentally… Continue reading “HTTPS Only Works If You Use It”
Author Archives: ericlaw
Testing HTTPS In Native APPs
Over on Twitter, Paul asks how to verify that a native application is using TLS. For a PC, it’s pretty simple: just run Fiddler and watch the traffic. If you see any HTTP requests (other than those labeled “Tunnel to”, indicating an HTTP tunnel used for HTTPS traffic) from the Process of interest, that traffic… Continue reading “Testing HTTPS In Native APPs”
Photoshop and Save For Web
Adobe recently announced that “Save for Web” in Photoshop is a “legacy feature” which won’t be improved. I decided to have a look at Adobe Photoshop CC (2015.0.0 Release 20150529.r88 x64) to see the impact of its many different “save” commands on the resulting file size. First, I created a trivial 20×20 image and drew… Continue reading “Photoshop and Save For Web”
Content Blocking: Unintended Consequences
Our company uses a web firewall device called IronPort to attempt to block unwanted network traffic; it blocks access to known phish and malware domains, and, more annoyingly, domains thought to be related to gaming or “questionable” topics (e.g. politics). Whatever. Today the IT department pushed a new rule set which blocks some requests to domains like… Continue reading “Content Blocking: Unintended Consequences”
On Chromebooks
I spent the summer of 1994 working minimum wage (a princely $4.25/hour), testing electronics, saving all of my pay to buy a beast of a computer. That September, I entered my sophomore year of high school and plunked down my saved ~$3000 to become the proud owner of my first Windows PC, a Comtrade Pentium… Continue reading “On Chromebooks”