Mark Eldridge

Government Identification: BankID and the Australia Card
One of the less fun aspects of moving countries is that you become a walking edge-case for many IT systems. You’ll encounter online forms…
Nov 20, 2018

Supermicro, hardware trojans, and BMC security
We need to take two things much more seriously: the security of our supply-chain, and the security of our baseboard management controllers.
Oct 8, 2018

Facebook and the trade-off of centralised authentication
To put it mildly, Facebook has had a bad week.
Oct 3, 2018

Security gatekeeping in a DevOps world
The book Building a Modern Security Program is co-written by Zane Lackey and Rebecca Huehls, and describes the lessons learned by Lackey…
Sep 18, 2018

Security is always a Trade-off
Trade-offs occur everywhere in engineering. Take leverage for example:
Aug 23, 2018

Web Authentication, BankID, and the death of passwords
In my last email I mentioned Alex Stamos’ Twitter takedown of the ‘Digi-ID’ authentication solution. Buried in the exchange was a mention…
Aug 21, 2018

Reach out and catch shells with SSH port forwarding
This is a very simple trick for catching shells locally on a device which doesn’t have a public IP, such as a laptop sitting behind a…
Jun 2, 2018