This is a personal blog of 0xCardinal, discussing topics such as supply chain security, product & platform security, alongside discussions on interesting attack & defense strategies.
DNS Over HTTPS (DoH): What, Why, and How It Works
You’re at a coffee shop. You join the free Wi-Fi, type bank.example.com, and start checking your balance. The connection to your bank is locked behind that reassuring little padlock — TLS, encrypted, private. Except the question you asked first wasn’t private at all. Before your browser could open that encrypted tunnel, it had to ask a simple question: “What’s the IP address for bank.example.com?” That question — a DNS lookup — left your laptop unencrypted, in a 40-year-old format (RFC 1035), for anyone on that Wi-Fi (and your ISP, and a few hops in between) to read, log, or quietly change....
Securing MCP Servers: A Threat Modeling Guide for Security Engineers
Model Context Protocol servers are appearing inside organizations faster than most security teams have a review process for them. They often look like small, polite integrations: a package, a few tool definitions, some outbound API calls, and a README. That framing is the problem. An MCP server is not a passive integration. It is an execution surface exposed to a language model. It may hold credentials, read sensitive data, call internal APIs, write to downstream systems, and act on instructions that came from untrusted text....
Before Your Code Runs: Node.js
This post is part of the Before Your Code Runs series, cataloguing the hidden, implicit code execution surfaces in programming language runtimes and toolchains. Node.js and npm sit underneath a huge chunk of the modern web. It’s the runtime that made JavaScript a “real” backend language, and npm is the largest package registry in the world. That’s a lot of trust in a lot of code. Here’s roughly what happens when Node starts:...
Before Your Code Runs: Python
This post is part of the Before Your Code Runs series, cataloguing the hidden, implicit code execution surfaces in programming language runtimes and toolchains. Python is probably the most beloved language in the world right now. It’s everywhere: data science, web backends, DevOps glue, AI/ML pipelines, you name it. And because it’s everywhere, attackers love it too. The thing is, most Python developers think execution starts when you type python app....
YubiKey OTP Best Practices
If you use a YubiKey for one-time passwords (OTP), you’ve probably done it at least once: you meant to type something, touched the key, and a long modhex string landed in Slack, a commit message, or an email. Annoying for everyone, and worse, it’s a real security risk. This post pulls together practical ways to reduce accidental triggers and what to do when a code gets out, plus how YubiOTP compares to TOTP so you can use both wisely....
Navigating the Ethereum Yellow Paper
I’ll be honest with you: I attempted to read the Yellow Paper four times before I actually finished it. The first three times, I opened the PDF, saw equations like Υ(σ, T) ≡ σ', and promptly closed it, convinced it was written for people far smarter than me. The fourth time, I changed my approach entirely. Instead of trying to understand it linearly, I treated it like - “I don’t have an option but to understand this”....
Blockchain Architecture: Layers
In the last two blogs, we looked at the pieces that make a blockchain work and how the network agrees on what is true. Here, we will look at how all those pieces sit together as layers, how blockchains are structured, and how Layer 1 and Layer 2 actually differ in practice. Once we know what each layer is responsible for, concepts like rollups, sequencers, proofs and scaling start making sense....
Consensus: How Blockchains Agree
Decentralization sounds simple until you realise every node acts on its own. In a blockchain, each node holds its own copy of the ledger and processes data independently. Nodes see transactions at different times, some go offline, some behave incorrectly and some may try to cheat. Without a way to agree, the network would split into a thousand truths. Consensus is what keeps all those independent nodes and all those independent ledgers marching in the same direction....
Blockchain Components
If you’re still asking ‘Why do I even need to learn Blockchain security?’, no worries. I wrote this blog to answer exactly that. Give it a read, then come back and we’ll dive into Blockchain 101 together. Now that you are here, let’s start by understanding what Blockchain is. But wait, a bit of warning: there is way too much text in the entire blog - I tried putting in some AI-generated images (which make sense for the blog), but they also were not able to do much, so all the best!...
Why Learn Blockchain & Blockchain Security?
In the world of AI, I’m gonna go rebel and talk about Blockchains. Why? Because I’ve been learning and tinkering with it, and I thought it’d be fun to share. Honestly, this is as much for my own notes as it is for anyone reading. Blockchain isn’t as shiny as AI right now, but it’s still a big deal. Here’s the thing: blockchain is too important to ignore, but too risky to approach without understanding security....