Welcome to my blog

This is my blog on (mostly) cybersecurity, IoT and related subjects. It contains some historic stuff from LinkedIn and other places, as well as new thoughts that I’ll collect here. I’ll also occasionally talk about research work, including publications or other academic engagements.

For more information about me, visit my personal website.

VPNs Considered Harmful

Confusion between anonymising and corporate VPNs is bad for cybersecurity

The Virtual Private Network, or VPN, has become a familiar term amongst Internet users in recent years. Yet, the secure tunnelling technology has been around much longer. So, why is it popular now, why should this be considered harmful, and what do we do about it? Take the global Google Trends for the terms VPN, SSL and TLS, pictured below. Comparatively few people seem to care about SSL and TLS, but VPN sees growing interest, with repeated spikes.

Meep Meep! A story of certificate (un)verification 🔏📜🔍❌

ACME clients seldom check the certificates they receive

This article discusses the lack of certificate checking done by ACMEv2 clients, as well as the lack of provision in the ACMEv2 protocol specification to encourage any checking. It explores the implications of this, and demonstrates why we should probably be doing some additional checks in our ACMEv2 clients. The project is called “Meep Meep”, because that’s the sound a roadrunner makes. The author couldn’t think of a cleverer name for something related to ACME.