Using TPM-backed Client Certificates in Chrome on Linux
Private keys don’t belong in files on disk. turn your TPM into a client authentication token for the browser.
Posts
Technical Debt Is a Security Time Bomb
Understanding how accumulated technical debt can lead to severe security vulnerabilities.
A Dangerous Language Feature
How a clever use of C lambdas can force the stack to be executable, and why that’s a security risk.
When Printf Becomes a Weapon
How a seemingly innocent debug function can leak memory, crash programs, or enable arbitrary code execution.
The True Cost of a $500 Office Printer
Why insecure enterprise devices are becoming an existential business risk
Buffer Overflow: The Bug That Refuses to Die
Learning about buffer overflows, why they persist, and what they reveal about software security.
The Uninvited Guest
A personal war story about a compromised production server that captured my password and taught me never to use production hosts for private tasks.
There's No Such Thing as Temporary
A cautionary tale about a temporary solution that became permanent.