Security

Articles about privacy, security, and data protection online

security

HTTP Host Header Security Explained: What CVE-2026-48710 Reveals About Trust Boundaries

HTTP host header security explained — why the Host header is attacker-controlled behind reverse proxies and how CVE-2026-48710 broke authentication in Starlette.

security

Shamir Secret Sharing Explained Simple: Why You'd Split a Password Into Pieces

Shamir secret sharing explained simple — how threshold schemes split secrets so no single person holds the key, and when you'd actually use one.

security

Argon2 vs bcrypt 2026: Which Password Hash Should Your App Actually Use?

Argon2 vs bcrypt 2026 decision guide: when to use Argon2id, scrypt, bcrypt, or PBKDF2 with concrete parameter recommendations.

security

After the Nx Console Breach: What Should Your Editor Be Allowed to Read?

A VS Code extension supply chain attack hit Nx Console and 3,800 repos. Here's what your editor can actually see, and how to audit it in 60 seconds.

security

Random String, Passphrase, or Diceware? Picking a Password Your Future Self Can Actually Use

Random password vs passphrase vs Diceware in 2026: a decision guide with real entropy math, sample output, and when each one is the right pick.

security

Where Do Random Numbers Come From in Your Browser?

A practical guide to browser random number generator security: how crypto.getRandomValues works, when Math.random fails, and what powers passwords and UUIDs.

security

Is It Safe to Paste Your JSON Into a Random Online Formatter?

Pasting JSON into a random online formatter can leak tokens, IDs, and PII. Here's how to spot a safe client-side JSON formatter — and what to check first.

security

What the Latest npm Supply-Chain Scare Means for the Online Tools You Use Every Day

An npm supply chain attack on TanStack hit the dev community this week. Here's what it means for the online tools you paste sensitive data into.

security

Password Security in 2026: The Complete Guide to Creating and Managing Strong Passwords

Learn how to create uncrackable passwords, understand password entropy, and implement best practices for password security. Includes practical tips and our free password generator tool.

security

The Hidden Privacy Risks of Free Online Tools (And How to Protect Yourself)

Discover the shocking privacy risks lurking behind free online tools and learn how client-side processing keeps your sensitive data secure. Your files deserve better protection.
