Sites should publish their password hashes

There’s a big problem with all sites that store a password to perform authentication – you have no idea what security measures are being taken to protect the stored passwords. How do you know how your password is ‘secure’ once it’s at the other end? How can you know? (more…)

Why isn’t Airport Security Open?

I’m going to take two security stories from the last week, one of which I think illustrates how to do it well, and another which illustrates how to do it badly. They come from very different areas under the vast umbrella of ‘security’. One is very much physical, and the other very much not. These days however, the two are¬†inseparably¬†linked. (more…)