How to generate a Base32 TOTP secret string on a Mac


A padlock engraved into a circuit board.

I needed a way to generate a TOTP secret using a fairly locked-down Mac. No Brew. No NPM. No Python. No Prolog, COBOL, or FORTRAN. No Internet connection. Just whatever software is native to MacOS. As I've mentioned before, the TOTP specification is a stagnant wasteland. But it does have this to say about the secret: The secret parameter is an arbitrary key value encoded in Base32 according to RFC 3548. The Base32 alphabet is pretty simple. The upper-case letters A - Z, and the numbers 3 - …


Responsible Disclosure: Abandoned Buckets and Billing Emails


Error saying the bucket does not exist.

A few weeks ago, I received a billing email from my phone provider O2. While glancing at it, I noticed all the images were broken. Viewing the source of the email showed that they were all coming from http:// mcsaatchi-email-preview.s3.amazonaws.com/o2/... What happens if we visit that domain? Ah, the dreaded "The specified bucket does not exist" error. At some point the images were served from that domain but someone deleted the bucket. This is a problem. Amazon doesn't reserve…


Book Review: If It's Smart, It's Vulnerable - Mikko Hyppönen


Book cover. The author's photo is distorted by electronic interference.

This is a curious book. It starts out as a look at the security of everyday objects, but quickly becomes a series of after-dinner anecdotes about various security related issues. That's not a bad thing, as such, but a little different from what I was expecting. There's no doubt that Mikko walks the walk as well as talking the talk. Almost every page contains a bon mot. For example: Working in information security is sometimes a bit like playing Tetris: your successes disappear but your…
