Posted on March 18th, 2016
The newest version of the Software Assurance Maturity Model (SAMM) is freely-available from OWASP. This is a incredibly useful tool to consider your software/application security practices and what might be enhanced.
Check out this hilarious and sad FOIA redaction hall of shame. My favorite is the multi-step process with an encrypted file for a completely redacted document.
Peace officers raid a dispensary, destroy some video equipment, joke about abusing an amputee, have a laugh as they co...
Posted on March 7th, 2016
When you spend a lot of your political efforts trying to scare people, they tend to get scared. Scared people tend to not be great long-term thinkers, and often sacrifice their values in the name of “safety and security". Read American Authoritarianism. Of course, this does not give a pass to the American authoritarian left, either, who have also spent political capital to incite fear and hate, but usually towards different (more “internal") targets.
What Makes Good Teams? Well, looks like...
Posted on February 16th, 2016
Really good article about Bernie Sanders, and more generally, voting: Don’t Change the Players, Change the Game.
This is why I want you to read Changing Lenses by Zehr:
"The simple fact of the matter is the criminal justice system is meant to punish, not protect. I don’t care about seeing him punished - I would rather he get better. And they’ve done nothing to protect me - it’s only made things worse and become another weapon in his arsenal, and the arsenal of the people out there way sca...
Posted on January 29th, 2016
In 2016, I want to see if I can use the Internet as if it is not powered by ads. For other posts in the series, click here.
Have you ever tried to unsubscribe, but failed? Columbia won’t let you unsubscribe, if you have a certain type of email address.
Take a look and see if you can tell why:
Do you see it?
An email address with a “+" and extra characters is equivalent to the email address without the “+" and addendum (thus, “firstname.lastname@example.org" is supposed to ...
Posted on January 23rd, 2016
I like this tiny house design.
Brilliant satire from The Onion: Pentagon Holds Gala To Celebrate 25 Years Of Bombing Iraq
The “Have I been pwned" site has helped reduce the value of breach dumps (and thus, may be disencentivizing them). Troy Hunt asks for your help.
Want to be horrified when your phone vibrates? This app sends "a push notification every time the police kill someone in the United States."
Economic concerns trigger survival instincts and will often override our ethics...
Posted on January 19th, 2016
Secure design is just as—or more—important than security-bug removal. Yes, we need our software to be defensible against common application attacks, but we also need to consider whether our systems react safely when challenged with known threats like:
snooping, spying, & sniffing attempts
phishing & other social-engineering ploys
government orders & “rubber hose" attacks
Often, we try to push the burden of defending against these to the end user. We can and should do better.
Posted on January 19th, 2016
I had some links gathering dust, so some of these are a bit old.
Wonder why HTTPS isn’t as prolific as it should be? This post discusses some of the challenges and offers some ideas.
I had not considered all the ways that assigning-work-via-volunteers is unfair.
I still am super-mesmerized by this type of lightweight living.
What are the implications of systems being able to identify our faces easily?
It’s funny because it’s true. Security vulnerabilities are created faster tha...
Posted on October 15th, 2015
Today’s list is long, and a little short on commentary. Nevertheless, there are a lot of really good items in here.
The Intercept has released a harrowing look at murder by drone: The Drone Papers. Despite the title, the first article starts with an important reminder before you begin: “Drones are a tool, not a policy. The policy is assassination." It’s easy to blame the technology instead of the core factors. Read with that in mind.
Also from The Intercept: A short history of the US Bombin...
Posted on October 9th, 2015
Michal Zalewski not only writes well about information security topics, but also international perspectives on politics. Here, he discusses some of the realities of gun control in the USA.
I am a pacifist, but I also find myself frustrated and appalled by most discussions about gun control. One of many examples:The USA is huge, and contains lots of guns. If you want to use electoral politics to effectively get them out of the hands of citizens, you have to address the reality that it would cu...
Posted on October 1st, 2015
Maciej Ceglowski has yet another insightful and thought-provoking talk posted. This one (as usual) is about a lot of things, but examines those things through the means of looking at online advertising. It's long, but worth it.
Here are a few of the interesting quotes
"Advertisers end up right back where they started, still not knowing which half of their advertising budget is being wasted. Except in the process they've destroyed our privacy."
"It's no accident how much the ad racket resemble...