Showing all posts tagged #security:


Duress Modes

Posted on March 3rd, 2017

I have written about “Duress Modes" before (here and elsewhere). They are an important safety protection that I believe system and software developers need to be building into their products. When a user is being coerced, a Duress Mode gives them an option to comply, while limiting their risk. Maciej Ceglowski has brought up a specific version of this with his recent post entitled “Social Media needs a Travel Mode." Take a read!

On Blocking

Posted on June 7th, 2016

I was recently told in a Facebook group that I'm not "allowed" to block someone. I have the right to block someone. You have the right to block someone. Facebook (and other providers) have often give us that ability, and it is good that they do. One can block someone for many different reasons. A block can be for very serious reasons such as limiting harassment or protecting one's mental health. One can block to avoid people who troll, derail conversations, avoid the topic, bother other us...

"cannot provide information we do not have"

Posted on May 14th, 2016

The Intercept recently covered how a judge was punishing a secure-communications application. The title of this post comes is a quote from representatives of the application in question. I continue to press the idea that our systems designs need to architected to be resistant to “rubber hose cryptography". In other words, they need to be resistant to coercive pressures targeting users of our software (regardless of whether those pressures are criminal, political, or (frequently) both). When...

DRM-Free: Not Just About Piracy

Posted on May 14th, 2016

DRM (Digital Rights Management) is supposedly a tool for protecting intellectual property in digital media, but the usage of it has introduced numerous other challenges. These side-effects (or in some cases, arguably intentional effects) cause other problems for the proliferation and use of beneficial technology. These challenges can include: Speed, resource, and energy overhead Losing media you already “own" if the provider decides to discontinue it or goes out of business Inability to con...

Food for Thought: 2016-04-18

Posted on April 18th, 2016

The New Inquiry ponders the “viral virus" and whether society benefits "from a world in which everyone is anxious about having anxiety". Your first SMBC of this post: In TV and movies, it is a common trope to track someone to an exact location using only their IP address, often even to a specific spot in a specific room! Naturally, you are skeptical of that, as you should be. This excellent story shows some of the really interesting things that happen with IP-to-physical-address mapping at...

Food for Thought: 2016-04-01

Posted on April 1st, 2016

No Funnies Edition Another winner from The Baffler. It hits so many sweet spots for me, such as quoting Jacques Ellul and criticizing advertising, propaganda, and this terrible upcoming US presidential election. The ethical thing to do when you have a security vulnerability is to help the people responsible for the vulnerability to fix it. Often, it is instead hidden and weaponized, commoditized, and used against specific targets. However, during that period, non-targets with the same softwa...

Two-Factor Authentication in the News

Posted on March 31st, 2016

The IBJ has another article that discusses the Anthem breach. Like many articles from many sources before, it does a poor job of being clear about the uses and types of two-factor authentication. If you are not aware, two-factor authentication requires that you use two ways to prove who you are. This is often implemented by using something you know (account name and password) and something you have (a special token or certificate). It is becoming common to use two-factor authentication for ...

Food for Thought: 2016-03-18

Posted on March 18th, 2016

The newest version of the Software Assurance Maturity Model (SAMM) is freely-available from OWASP. This is a incredibly useful tool to consider your software/application security practices and what might be enhanced. Check out this hilarious and sad FOIA redaction hall of shame. My favorite is the multi-step process with an encrypted file for a completely redacted document. Peace officers raid a dispensary, destroy some video equipment, joke about abusing an amputee, have a laugh as they co...

Food for Thought: 2016-03-07

Posted on March 7th, 2016

When you spend a lot of your political efforts trying to scare people, they tend to get scared. Scared people tend to not be great long-term thinkers, and often sacrifice their values in the name of “safety and security". Read American Authoritarianism. Of course, this does not give a pass to the American authoritarian left, either, who have also spent political capital to incite fear and hate, but usually towards different (more “internal") targets. What Makes Good Teams? Well, looks like...

Food for Thought: 2016-02-16

Posted on February 16th, 2016

Really good article about Bernie Sanders, and more generally, voting: Don’t Change the Players, Change the Game. This is why I want you to read Changing Lenses by Zehr: "The simple fact of the matter is the criminal justice system is meant to punish, not protect. I don’t care about seeing him punished - I would rather he get better. And they’ve done nothing to protect me - it’s only made things worse and become another weapon in his arsenal, and the arsenal of the people out there way sca...

Todd Grotenhuis

Professionally an Information Security Specialist, Politically an Abolitionist, Theologically an Anabaptist