Showing all posts tagged security:

Several updates in the most valuable paid security testing tool, Burp Suite:

Posted on August 31st, 2018

I’m speaking about Big Data Security again, this time at the Indy OWASP meetup. Come join us and ask great questions!

Posted on July 18th, 2018

“This ‘safety culture’ model is neither stilted nor uncreative. On the contrary, deep expertise, lengthy training and the ability to learn from experience (and to incorporate the lessons of those experiences into future practices) is a valuable form of ingenuity.”

-Zeynep Tufekci in What Elon Musk Should Learn From the Thailand Cave Rescue

Posted on July 16th, 2018

It’s not a breach, it’s a business model

Posted on March 21st, 2018

The problems at Facebook aren’t simply a matter of attack or misuse, they are fundamental to a social network that makes money by advertising at scale.

Update: another

Food for Thought: 2018-03-12

Posted on March 12th, 2018

I waited too long to publish this last batch, so the list is long. Hope you find some of these interesting! Recommend your own in the comments:

Food for Thought: 2018-01-08

Posted on January 8th, 2018

Here are some things I’ve found thought provoking, recently. Recommend your own in the comments.

Food for Thought: 2017-11-27

Posted on November 27th, 2017

Here are some of the things I’ve found thought-provoking, recently:

Food for Thought: 2017-11-07

Posted on November 7th, 2017

Here are some of the things I’ve found thought-provoking, recently:

Food for Thought: 2017-10-17

Posted on October 17th, 2017

Here are some of the things I’ve found thought-provoking, recently. Ranked in priority-reading order:

Food for Thought: 2017-10-05

Posted on October 5th, 2017

Here are some of the things I’ve found thought-provoking, recently. Ranked in priority-reading order:

Food for Thought: 2017-09-25

Posted on September 25th, 2017

Here are some of the things I’ve found thought-provoking, recently. Ranked in priority-reading order:

  1. “Equifax Impressed By Hackers’ Ability To Ruin People’s Finances More Efficiently Than Company Can” (except, not really):
  2. A number of large companies with a presence in Indiana are going through RIFs this year (though not targeting Indiana, specifically). Dow, Cox Enterprises, Angie’s List, Lilly all in the mix now: and

  3. At the same time, people are looking at a bid for the new Amazon headquarters:

  4. Indy Eleven and their league are having a hard time. Will it be possible to go MLS or USL?
  5. After news of the salmon pen break, NPR explains how it was that there were Atlantic salmon in Washington state:
  6. ProPublica released a tool to check prescriber information for Medicare Part D:
  7. More wholesome comics!


  10. I didn’t know there were albino trees

Food for Thought: 2017-08-28

Posted on August 28th, 2017

Here are some of the reads & comics I’ve found thought-provoking, recently. Ranked in priority-reading order:

  1. Responses are widely discussed in the follow-on from the neo-fascist gathering in Charlottesville. My opinion: the strategies we use to prevent future fascists may often be different from the tactics we use to limit harm from current fascists:

  2. I’m a big fan of satire and humor, as it interrupts minds and forces people to consider different perspectives:

  3. Cornel West says anarchists and antifa saved their lives: 

  4. “How the Church Summons Demons”

  5. Anabaptist thoughts on Nazi-punching:

  6. Does the terrorism in Charlottesville mean the end of the alt-right as they currently exist? How do we resist whatever version of neofascism comes next?

  7. Monstrous intersection of nationalism and environmental degradation:

  8. There is now a Libertarian Socialist Caucus within both the Democratic Socialists and the Libertarian Party. Let’s hope this drives both groups in a better direction:

  9. Environmental recording may become one of the predominant personal security features in the future. This one isn’t there, yet, but it’s a step towards that possibility:

  10. Here’s a polite “no, thanks” template for security (or other) spammers:

  11. “Mennonite Man to Challenge Floyd Mayweather”:

  12. Rose-Hulman massively increasing its property, including the old Hulman horse ranch property across the street:

  13. Cool tiny house:

Food for Thought: 2017-08-14

Posted on August 14th, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order:

  1. Here’s a quick quiz for you to take re: White People Discrimination:
  2. Updating tactics on nonviolent direct action:
  3. Over on McSweeney’s a Google Robot writes a manifesto:
  4. Police have killed at least 2900 people since the Michael Brown killing:
  5. “We struggle with loving like Jesus, but our problem isn’t education, but formation”:
  6. Reminder, it’s not actually “privatization” if the public is still paying for it:
  7. EFF has a guide on how to protect your devices when crossing borders:
  8. What not to do when trying to be anonymous online:
  9. “Non-Coercive Collective Decision-Making: A Quaker Perspective”, part of the C4SS symposium on Anarchy & Democracy:
  10. Experimental Theology says we’re getting Sabbath wrong:
  11. Rob Graham is compiling lists of the most (now) obvious hack types:
  12. Oh shit!
  13. Me IRL:

Food for Thought: 2017-07-03

Posted on July 3rd, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order:

  1. Really sad:
  2. I was really challenged by these Plough articles that challenge the value of curiosity: and Quote: “Because studiousness directs our minds to good things in the right measure, it allows us to develop a taste for what is truly ­interesting in the world around us…and a dislike for what is merely titillating, sensational, or distracting. Without studiousness, our otherwise wholesome desire for knowledge would fall into the crude distortions that characterize the vice of curiosity.”
  3. Democrats continue to prove that they are not a viable alternative. Here’s the latest salvo:
  4. Here’s how to follow (or avoid) my coverage of Mennonite Church USA Convention:
  5. Jim Grey discusses what makes for a good software company:
  6. Krebs has a report on the latest ransomware tied to the NSA attack:
  7. The New Inquiry gives some warnings about using “rights discourse”
  8. National Post shares the story of one Old Colony Mennonite family moving to Canada:

Food for Thought: 2017-06-25

Posted on June 26th, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order:

  1. How to preserve land from development? Collectively buy it! (this would be even better if the DNR wasn’t one of the buyers):
  2. Kevin Carson has a 4-step plan to address “cost disease”: Quote:

     1. “Destroying all unnecessary waste of inputs, all unnecessary production, all planned obsolescence, and unnecessary labor, in order to reduce necessary labor time and production costs to the absolute minimum; while at the same time
     2. Abolishing the privileges and monopolies by which the propertied classes enclose the productivity gains of technological improvement for themselves, as a source of rents, and
     3. Taking advantage of small-scale, ephemeral means of production to remove the largest share of production possible from the sphere of paid employment to direct production for use in the social sphere; so that
     4. All the cost savings of increased efficiency go to the public in the form of reduced work hours and reduced prices, while the remaining hours of paid labor are evenly distributed and pay enough to buy back the full value of everything produced.”

  3. Experimental Theology claims we don’t actually find Jesus’s ethic beautiful, and that we need spiritual formation to address this gap:
  4. If you give power to your allies, it will likely eventually be used elsewhere:
  5. This Open Textbook Library is a great tool: Part of the Open Textbook Network: #AbolishIP
  6. SMBC accurately awards another point to “Huxleyan” as the predominant type of dystopia:
  7. The Grugq analyzes the Reality Winner/Intercept leak:
  8. Philosophy Force Five!
  9. Anthem is paying out $115 million from the 2015 breach:
  10. Poorly Drawn Lines asks if your priorities are in order:
  11. Lunarbaboon is making a difference:
  12. With Marsh closing, IBJ has an update on what is happening to grocery stores in downtown Indy:
  13. Butler University buying back the Christian Theological Seminary land and leasing back to CTS:
  14. IndyStar explains what those weird tubes are on the north side of Indy:

Food for Thought: 2017-05-29

Posted on May 23rd, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order:

  1. One step closer to duress modes for software: 1Password introduces travel mode:
  2. Susan J. Fowler takes on workplace discrimination in tech companies from an unusual-but-critically-important angle:
  3. BroadSnark points her snark successfully at the problem of overworking while trying to maintain the important things in life:
  4. Various anarchist groups in Greece are providing food, medicine, and housing services:
  5. Indiana DNR asking people not to plant the invasive Bradford Pear:
  6. NYT covered some of the fun things to do in Indy:
  7. Yet another Lunarbaboon sweet comic:

Top Links for 2017-05-22

Posted on May 16th, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order:

  1. The Restorative Justice movement is key (see my recommendation of Changing Lenses) to a more just society. This detailed essay gets into some of the political considerations and implications:

  2. Related: Slate Star Codex talks about the tactic of focusing on Bail Reform:
  3. Related: Freddie deBoer says “we can’t simultaneously be a movement based on rehabilitation and restorative justice AND a viciously judgmental moral aristocracy”
  4. Related: Mariame Kaba discusses prison-abolitionist tactics:

  5. Richard Beck of Experimental Theology once again discusses the paradox of “Denouncing Caesar while embracing Caesar.”
  6. System/Application Threat Modeling is a highly valuable and underutilized activity in securing systems. OWASP has a new GitHub-integrated tool to help you try threat modeling:
  7. People have become so accustomed to seeing videos of abuse from law enforcement officers, that the beating of Rodney King seems not so bad:
  8. It’s a bit simplistic, but good to see something other than victim-blaming regarding WannaCry:
  9. “When…commons is enclosed and run for the benefit of capital, or actually run by capital itself, price-gouging and favoritism to business are only to be expected. And every step in the process is characterized by collusion and self-dealing. That’s the nature of the capitalist state: to subsidize inputs, socialize costs and risks, and facilitate the privatization of profit.” and
  10. XKCD sarcastically articulates the current state of machine learning ethics:
  11. Reminder: “Because terrorism is so uncommon…any strategy for combating it that involves policing entire communities is likely to end up harming huge numbers of innocent people — thus feeding the same climate of alienation and hostility that fosters political violence in the first place.”
  12. The Onion’s ClickHole has gone PatriotHole and it is brilliant:
  13. This framework/classification of dystopias is useful. You could even rate a society on each type:
  14. As with other things, we get more upset about our privacy than we actually do anything about it:

  15. Related, here’s how to address Twitter’s new setup:

  16. Freddie deBoer challenges the left’s public-private divide around honesty:
  17. Cory Doctorow talks about human nature in the midst of crisis, as well as his new book:

Top Links for 2017-05-15

Posted on May 9th, 2017

  1. Waging Nonviolence discusses the tactics and principles of nonviolence:
  2. Major online companies are engaging in Internet colonialism:
  3. Poorly Drawn Lines reminds us of one of the troubles of immortality:
  4. Reminder: task-switching and interruptions are very expensive:
  5. The homeless population is rising in Indy:
  6. Microsoft responds to the attacks over the weekend:
  7. Also in colonialism, The Intercept covers Puerto Rico:
  8. The New Inquiry has been railing against predictive policing. In addition to the “White Collar Crime Risk Zones” app that I recently shared, they have pulled together a syllabus: (is this a meta-share?)
  9. Google has a writeup (plus solid security reminders) based on the recent phishing issue:
  10. Lunarbaboon continues its positive cartoons:
  11. Make idlewords-style presentation recaps:
  12. The 200 Word RPG Challenge is complete:
  13. I like this tiny house:

Read anything over the last week that I should add for next time? Let me know in the comments!

Duress Modes

Posted on March 3rd, 2017

I have written about “Duress Modes” before (here and elsewhere). They are an important safety protection that I believe system and software developers need to be building into their products. When a user is being coerced, a Duress Mode gives them an option to comply, while limiting their risk.

Maciej Ceglowski has brought up a specific version of this with his recent post entitled “Social Media Needs a Travel Mode.” Take a read!

Food for Thought: 2015-10-09

Posted on October 9th, 2015

Michal Zalewski not only writes well about information security topics, but also international perspectives on politics. Here, he discusses some of the realities of gun control in the USA. I am a pacifist, but I also find myself frustrated and appalled by most discussions about gun control. One of many examples: The USA is huge, and contains lots of guns. If you want to use electoral politics to effectively get them out of the hands of citizens, you have to address the reality that it would currently require mass confiscation by already-militarized law enforcement forces and national intelligence/security agencies, both of which are well-known to be highly abusive of their powers. Cultural change is much slower, and requires a lot more understanding and honesty.

I do a lot of work in application security. I don’t typically recommend Web Application Firewalls as one of a team’s first application defenses. Why? They require a lot of work to set up and maintain, if you want them to be broadly effective. For most security programs, that time is better spent preventing and fixing software security bugs in the first place. There are some exceptions, however (mature security programs with good funding, vendor software that can’t be fixed or replaced, broad issues that require coordinated re-engineering, etc.). At re:Invent, Amazon released details on their new WAF offering for their cloud services. I haven’t had a chance to check this out, yet, but I am interested to check it out and see how it stacks up against third-party options that are out there.
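As an added illustration of the tuning burden described above (example code written for this page, not Amazon’s WAF or any vendor rule set), the following compares a naive blocklist rule with one that normalizes the request first. The rule pattern, the `normalize` steps and the sample query strings are all constructed for the demonstration: the naive rule misses percent-encoded, double-encoded and comment-padded variants of the same payload, the normalizing rule catches them, and both still flag an innocent value containing `--`, which is the kind of false positive that has to be tuned away rule by rule.

```python
import re
from urllib.parse import unquote_plus

# Constructed blocklist signature; real rule sets have hundreds of these.
SQLI_PATTERN = re.compile(r"(union\s+select|or\s+1\s*=\s*1|--)", re.IGNORECASE)


def naive_rule(query_string: str) -> bool:
    """Match the signature against the raw query string as received."""
    return bool(SQLI_PATTERN.search(query_string))


def normalize(value: str) -> str:
    """Undo the transformations an attacker uses to slip past a raw-string match:
    repeated percent-decoding (double encoding), SQL block comments used as
    whitespace, and runs of whitespace."""
    current = value
    for _ in range(3):  # bounded so a hostile input cannot spin forever
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    current = re.sub(r"/\*.*?\*/", " ", current)
    return re.sub(r"\s+", " ", current)


def normalized_rule(query_string: str) -> bool:
    """Same signature, applied after normalization."""
    return bool(SQLI_PATTERN.search(normalize(query_string)))


# Constructed sample requests (query strings only), with the outcome a
# practitioner would want from each rule.
SAMPLES = [
    "id=42",                     # benign
    "id=1 OR 1=1",               # plain payload
    "id=1%20OR%201%3D1",         # percent-encoded
    "id=1%2520OR%25201%253D1",   # double-encoded
    "id=1/**/OR/**/1=1",         # comment padding instead of spaces
    "q=rock--paper",             # benign value that looks like a comment
]


def evaluate(samples=SAMPLES):
    """Return {query: (naive_blocked, normalized_blocked)} for each sample."""
    return {s: (naive_rule(s), normalized_rule(s)) for s in samples}


if __name__ == "__main__":
    for query, (naive, normalized) in evaluate().items():
        print(f"{query!r:32} naive={naive!s:5} normalized={normalized}")
```

Even the normalized rule is only as good as its decoder list (Unicode and charset tricks are not handled here) and still needs an allowlist for legitimate values that contain `--`; that ongoing care is the maintenance cost the paragraph refers to, and fixing the underlying query to use bound parameters removes the need for it.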

Todd Grotenhuis

Professionally an Information Security Specialist, Politically an Abolitionist, Theologically an Anabaptist