Like everyone else with an email address, I’ve been receiving these bitcoin extortion messages for months. I’ve also observed with ever greater dissatisfaction as scammers raked in tens of bitcoins within a week. What especially annoys me is not so much that people are falling for this scam, but that email service providers are simply looking the other way.

Earlier this week I noticed a minor brute-force attack against our managed WordPress hosting. The attack lasted for 72 hours and deployed around 2000 unique bots. The botnet attempted on average 100 logins per hour while rotating bots to avoid triggering our automatic defense systems.

I was unaware that Facebook recently had started to add a unique click identifier to all outbound links on facebook.com. Coincidentally, one of the security measures of this server is to disallow query strings as part of the URL. Thus, any visitors coming over from Facebook were suddenly blocked and banned on sight.

The Android Oreo update has been rolled out to Honor 8 smartphones all over the world, but for some reason, mine got left behind. I feared it might be related to my effort with disabling Huawei and Google services on the phone, but as it turns out it was rather easy to correct.

A while back I lost access to the email address with which I had subscribed to the slackware-security mailing list. This does not please Bob, so today I logged into my webmail account and sent along a new request to join slackware-security and slackware-announce. The response I got in return gave me a good laugh and a swift feel of nostalgia.

Even though I really enjoy the new Gutenberg experience from a content creator’s point of view, I’ve come to the conclusion that it’s not the right editor for me. My dear Gutenberg, it’s not you, it’s me.

I’ve never really felt all that good about storing my passwords on the public cloud, but after we started using LastPass at work I somehow got lulled into adopting it for personal use as well.

Almost a year has passed since I bought a new domain name using the privacy-aware domain registration service from Njalla. Based on my experience with the service, I felt confident enough to go ahead and transfer my primary domain from Namecheap to Njalla.

So why is this release noteworthy? Well, I experienced an issue with the previous release (Tor 0.3.4.7) where I was unable to get sandboxing to work due to the following error:

The highly anticipated continuation of last year’s riveting tale of fear and loathing on the dark web. I hereby offer a full disclosure of attack patterns observed against my onion and my WordPress installation, respectively.