August 2004

I’m reading through NIST SP-800-70 (pdf), the NIST guide to producing security configuration guides. Let me get more coffee before I continue. Thanks for waiting. “If home users and other users without deep security expertise attempt to apply High Security checklists to their systems, they would typically experience unwanted limitations on system functionality and possibly…

Read More Unrecoverable Damage?

Or, if you prefer, the original can be found elsewhere. It’s always nice when things I want to abuse like that are in the public domain. (Obligatory Lessig link.) But beyond that, think how much poorer literature in the computer science field would be if we didn’t have Alice In Wonderland to freely quote from,…

Read More Lewis Carroll

“The time has come,” the Walrus said, “To talk of many things: Of shoes–and ships–and sealing-wax– Of cabbages–and kings– And why the sea is boiling hot– And whether pigs have wings.” “But wait a bit,” the Oysters cried, “Before we have our chat; For some of us are out of breath, And all of us…

Read More Self-referential nonsense

Bruce Schneier has written insightfully about Olympic security. They’ve spent $1.5 billion, and today’s marathon race was marred by some idiot leaping into the path of the front-runner, and dragging him into the crowd. Its always tempting, and usually wrong, to say that any failure of security could be prevented. However, this Olympics has seen…

Read More Olympic Security

Beatrice Arthur, who apparently enjoys a little politics along with her fame, got irked at the airport police: “She started yelling that it wasn’t hers and said ‘The terrorists put it there,’ ” a fellow passenger said. “She kept yelling about the ‘terrorists, the terrorists, the terrorists.’ ” After the blade was confiscated, Arthur took…

Read More Bea Arthur, Terrorist

Over at TaoSecurity, Richard writes about a new report from CERT/CC and the Secret Service, studying “23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002.” I’m very glad that they’re doing this. I think that actually studying how bad guys carry out attacks is critical for defending…

Read More About those insiders

(Dave asked in a comment.) Yes, disabling Javascript is a win. Here’s an IE issue, and here’s one for Mozilla. Now, using Javascript, when its on, to reduce the number of clicks a user needs to make is a fine thing. I’m in favor of it. (Although I often find myself in misselect hell, when…

Read More Is Disabling Javascript a Win?