  • House panel votes to mandate massive user tracking

    Updated: 2011-07-30 15:59:09
    House panel approves broadened ISP snooping bill | Privacy Inc. – CNET News Declan McCullagh of CNET is reporting on a bill to require ISPs to maintain massive records on their users. According to the article this bill requires commercial Internet providers to retain “customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, [...]

  • ‘War Texting’ Attack Hacks Car Alarm System – Dark Reading

    Updated: 2011-07-29 14:15:58
    This makes a good case for why it concerns me that we seem to be willing to automate all kinds of things that can really impact us without including real security. ‘War Texting’ Attack Hacks Car Alarm System – Dark Reading

  • Matt Blaze: Wiretapping and Cryptography Today

    Updated: 2011-07-28 15:38:09
    Matt Blaze analyzes why the widespread use of cryptography has had almost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read. Matt Blaze: Wiretapping and Cryptography Today:

  • A Firefox Toolbox for Web App Hacking

    Updated: 2011-07-21 22:38:16
    If you’re new to the world of testing web application security, you may not be aware of the many great Firefox add-ons available that greatly help such endeavors. While others have compiled similar lists in the past, I thought this week would be a good time for me to share a few of the favorite [...]

  • Visio in Security Testing

    Updated: 2011-07-14 16:02:30
    I hesitate to say that Visio is only useful in pen-testing, because it can also be useful in developing a secure architecture, or a web page, and really just putting all the moving parts onto your screen (or paper) so that you can look at the big picture. I use Visio to diagram networks and [...]

  • Forbes picks up the Tech Review article.

    Updated: 2011-06-29 19:06:12
    How Visiting Competitors’ Websites May Give Away Your Business Secrets – Kashmir Hill – The Not-So Private Parts – Forbes: “” Odd that they describe a 15 year old company as a “startup”….

  • Recent interview I gave on the need for anonymity in business

    Updated: 2011-06-29 18:05:59
    Revealing Secrets with a Click – Technology Review This is a very nice interview that was just published by Technology Review on the importance of anonymity for businesses. This is a topic rarely covered. Generally either people are talking about anonymity for consumers, or businesses protecting or violating consumer privacy. Very little attention is paid [...]

  • Crockford’s History of JavaScript

    Updated: 2011-06-28 19:56:54
    Ever wonder about how we came to have the technologies and programming languages used today? Yahoo’s senior JavaScript architect Douglas Crockford gave a presentation in early 2010 that traces the developments which brought us the beloved and hated language that powers client-side web behaviors. The video is nearly two hours and only the first in [...]

  • Big public email database with some interesting efforts at privacy launched this month

    Updated: 2011-06-21 17:40:29
    The press release linked at the bottom of this post is for a new website called AddressSearch.com. While I normally ignore most of the PR blasts sent to this blog, this one seemed worth posting because of the interesting realities and conflicts it exposes. The idea is that you can use their database to find [...]

  • LDAPS: SSL vs TLS

    Updated: 2011-06-21 11:00:35
    LDAPS is used among security folks and developers pretty indiscriminately. The general gist is that the LDAP connection is encrypted between the client and server via SSL/TLS – with a lot of hand waving involved. But there is actually a slight difference in how SSL and TLS are negotiated over LDAP. TLS can be negotiated [...]

  • The difficulty of identifying attackers on the Internet and why it is impossible to fix.

    Updated: 2011-06-17 01:28:38
    This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins. This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity. The core point of both articles is that identifying the computer that a [...]

  • Five false Security vs. Privacy arguments from salon.com

    Updated: 2011-06-07 15:55:35
    This article is a nice discussion of and rebuttal to many of the arguments made to support sacrificing privacy for security. Why “security” keeps winning out over privacy – War Room – Salon.com
