Posted on April 18th, 2016
The New Inquiry ponders the “viral virus” and whether society benefits "from a world in which everyone is anxious about having anxiety".
Your first SMBC of this post:
In TV and movies, it is a common trope to track someone to an exact location using only their IP address, often even to a specific spot in a specific room! Naturally, you are skeptical of that, as you should be. This excellent story shows some of the really interesting things that happen with IP-to-physical-address mapping at...
Posted on April 1st, 2016
No Funnies Edition
Another winner from The Baffler. It hits so many sweet spots for me, such as quoting Jacques Ellul and criticizing advertising, propaganda, and this terrible upcoming US presidential election.
The ethical thing to do when you have a security vulnerability is to help the people responsible for the vulnerability to fix it. Often, it is instead hidden and weaponized, commoditized, and used against specific targets. However, during that period, non-targets with the same softwa...
Posted on March 31st, 2016
The IBJ has another article that discusses the Anthem breach. Like many articles from many sources before, it does a poor job of being clear about the uses and types of two-factor authentication.
If you are not aware, two-factor authentication requires that you use two ways to prove who you are. This is often implemented by using something you know (account name and password) and something you have (a special token or certificate).
It is becoming common to use two-factor authentication for ...
Posted on March 18th, 2016
The newest version of the Software Assurance Maturity Model (SAMM) is freely available from OWASP. This is an incredibly useful tool for considering your software/application security practices and what might be enhanced.
Check out this hilarious and sad FOIA redaction hall of shame. My favorite is the multi-step process with an encrypted file for a completely redacted document.
Peace officers raid a dispensary, destroy some video equipment, joke about abusing an amputee, have a laugh as they co...
Posted on March 7th, 2016
When you spend a lot of your political efforts trying to scare people, they tend to get scared. Scared people tend to not be great long-term thinkers, and often sacrifice their values in the name of “safety and security”. Read American Authoritarianism. Of course, this does not give a pass to the American authoritarian left, either, who have also spent political capital to incite fear and hate, but usually towards different (more “internal”) targets.
What Makes Good Teams? Well, looks like...
Posted on February 16th, 2016
Really good article about Bernie Sanders, and more generally, voting: Don’t Change the Players, Change the Game.
This is why I want you to read Changing Lenses by Zehr:
"The simple fact of the matter is the criminal justice system is meant to punish, not protect. I don’t care about seeing him punished - I would rather he get better. And they’ve done nothing to protect me - it’s only made things worse and become another weapon in his arsenal, and the arsenal of the people out there way sca...
Posted on January 29th, 2016
In 2016, I want to see if I can use the Internet as if it is not powered by ads. For other posts in the series, click here.
Have you ever tried to unsubscribe, but failed? Columbia won’t let you unsubscribe, if you have a certain type of email address.
Take a look and see if you can tell why:
Do you see it?
An email address with a “+” and extra characters is equivalent to the email address without the “+” and addendum (thus, “firstname.lastname@example.org” is supposed to ...
Posted on January 23rd, 2016
I like this tiny house design.
Brilliant satire from The Onion: Pentagon Holds Gala To Celebrate 25 Years Of Bombing Iraq
The “Have I been pwned” site has helped reduce the value of breach dumps (and thus, may be disincentivizing them). Troy Hunt asks for your help.
Want to be horrified when your phone vibrates? This app sends "a push notification every time the police kill someone in the United States."
Economic concerns trigger survival instincts and will often override our ethics...
Posted on January 19th, 2016
Secure design is just as important as security-bug removal, if not more so. Yes, we need our software to be defensible against common application attacks, but we also need to consider whether our systems react safely when challenged with known threats like:
snooping, spying, & sniffing attempts
phishing & other social-engineering ploys
government orders & “rubber hose” attacks
Often, we try to push the burden of defending against these to the end user. We can and should do better.
Posted on January 19th, 2016
I had some links gathering dust, so some of these are a bit old.
Wonder why HTTPS isn’t as widespread as it should be? This post discusses some of the challenges and offers some ideas.
I had not considered all the ways that assigning-work-via-volunteers is unfair.
I still am super-mesmerized by this type of lightweight living.
What are the implications of systems being able to identify our faces easily?
It’s funny because it’s true. Security vulnerabilities are created faster tha...