Showing all posts tagged #security:


Food for Thought: 2016-04-18

Posted on April 18th, 2016

The New Inquiry ponders the “viral virus” and whether society benefits "from a world in which everyone is anxious about having anxiety". Your first SMBC of this post: In TV and movies, it is a common trope to track someone to an exact location using only their IP address, often even to a specific spot in a specific room! Naturally, you are skeptical of that, as you should be. This excellent story shows some of the really interesting things that happen with IP-to-physical-address mapping at...

Food for Thought: 2016-04-01

Posted on April 1st, 2016

No Funnies Edition Another winner from The Baffler. It hits so many sweet spots for me, such as quoting Jacques Ellul and criticizing advertising, propaganda, and this terrible upcoming US presidential election. The ethical thing to do when you have a security vulnerability is to help the people responsible for the vulnerability to fix it. Often, it is instead hidden and weaponized, commoditized, and used against specific targets. However, during that period, non-targets with the same softwa...

Two-Factor Authentication in the News

Posted on March 31st, 2016

The IBJ has another article that discusses the Anthem breach. Like many articles from many sources before, it does a poor job of being clear about the uses and types of two-factor authentication. If you are not aware, two-factor authentication requires that you use two ways to prove who you are. This is often implemented by using something you know (account name and password) and something you have (a special token or certificate). It is becoming common to use two-factor authentication for ...

Food for Thought: 2016-03-18

Posted on March 18th, 2016

The newest version of the Software Assurance Maturity Model (SAMM) is freely available from OWASP. This is an incredibly useful tool to consider your software/application security practices and what might be enhanced. Check out this hilarious and sad FOIA redaction hall of shame. My favorite is the multi-step process with an encrypted file for a completely redacted document. Peace officers raid a dispensary, destroy some video equipment, joke about abusing an amputee, have a laugh as they co...

Food for Thought: 2016-03-07

Posted on March 7th, 2016

When you spend a lot of your political efforts trying to scare people, they tend to get scared. Scared people tend to not be great long-term thinkers, and often sacrifice their values in the name of “safety and security”. Read American Authoritarianism. Of course, this does not give a pass to the American authoritarian left, either, who have also spent political capital to incite fear and hate, but usually towards different (more “internal”) targets. What Makes Good Teams? Well, looks like...

Food for Thought: 2016-02-16

Posted on February 16th, 2016

Really good article about Bernie Sanders, and more generally, voting: Don’t Change the Players, Change the Game. This is why I want you to read Changing Lenses by Zehr: "The simple fact of the matter is the criminal justice system is meant to punish, not protect. I don’t care about seeing him punished - I would rather he get better. And they’ve done nothing to protect me - it’s only made things worse and become another weapon in his arsenal, and the arsenal of the people out there way sca...

#AdFree2016: Failed Unsubscribe

Posted on January 29th, 2016

In 2016, I want to see if I can use the Internet as if it is not powered by ads. For other posts in the series, click here. Have you ever tried to unsubscribe, but failed? Columbia won’t let you unsubscribe, if you have a certain type of email address. Take a look and see if you can tell why: Zoomed in: Do you see it? An email address with a “+” and extra characters is equivalent to the email address without the “+” and addendum (thus, “example+columbia@example.com” is supposed to ...

Food for Thought: 2016-01-23

Posted on January 23rd, 2016

I like this tiny house design. Brilliant satire from The Onion: Pentagon Holds Gala To Celebrate 25 Years Of Bombing Iraq. The “Have I been pwned” site has helped reduce the value of breach dumps (and thus, may be disincentivizing them). Troy Hunt asks for your help. Want to be horrified when your phone vibrates? This app sends "a push notification every time the police kill someone in the United States." Economic concerns trigger survival instincts and will often override our ethics...

More Thoughts on Secure Design

Posted on January 19th, 2016

Secure design is just as—or more—important than security-bug removal. Yes, we need our software to be defensible against common application attacks, but we also need to consider whether our systems react safely when challenged with known threats like: snooping, spying, & sniffing attempts; phishing & other social-engineering ploys; government orders & “rubber hose” attacks. Often, we try to push the burden of defending against these to the end user. We can and should do better. Inspired v...

Food for Thought: 2016-01-19

Posted on January 19th, 2016

I had some links gathering dust, so some of these are a bit old. Wonder why HTTPS isn’t as prolific as it should be? This post discusses some of the challenges and offers some ideas. I had not considered all the ways that assigning-work-via-volunteers is unfair. I still am super-mesmerized by this type of lightweight living. What are the implications of systems being able to identify our faces easily? It’s funny because it’s true. Security vulnerabilities are created faster tha...

Todd Grotenhuis

Professionally an Information Security Specialist, Politically an Abolitionist, Theologically an Anabaptist