Shostack + Friends Blog Archive

 

Happy New Year!

Our new year’s resolution is to show a sense of childlike wonder at and acceptance of everything we come across, especially this year’s leap second. Incidentally, this post is scheduled to go live at 2008-12-31 23:59:60. Let’s see what happens! Update: Movable Type complained when I tried to save the post: “Invalid date ‘2008-12-31 23:59:60’; […]

 

Now will you believe MD5 is broken?

I’m just sitting here blinking, having a Brecht moment in which I am laughing at those who are crying and crying at those who are laughing. At the CCC congress, a number of people did something dramatic — they created a forged SSL certificate. It’s dramatic, but nothing special. We’ve known that MD5 is broken […]

 

Happy Newton, everyone!

In honor of Newton’s Birthday festival, I therefore propose the following song, to be sung to the tune of “The Twelve Days of Christmas.” For brevity, I include only the final verse. All together now! On the tenth day of Newton, My true love gave to me, Ten drops of genius, Nine silver co-oins, Eight […]

 

Gavle Goat Gone

The Gavle goat survived until the 27th this year, but as the BBC reports, “ Festive goat up in flames again.” Previously: “Goat Security,” “13 Meter Straw Goat Met His Match.”

 

I miss Montreal

When Seattle is covered in snow, it’s easy to miss Montreal. Now, folks in areas that get lots of snow like to make fun of Seattlites for being unable to handle a little snow, but it turns out that there’s another reason (beyond the steep hills) the city has a (ahem) unique approach: “Seattle refuses […]

 

At the tail end of the car series…

Originating from Wootton High School, the parent said, students duplic ate the license plates by printing plate numbers on glossy photo paper, using fonts from certain websites that “mimic” those on Maryland license plates. They tape the duplicate plate over the existing plate on the back of their car and purposefully speed through a speed […]

 

Earthrise

40 years ago, NASA released this first [human-taken] photo of the Earth from far away: [Update: The BBC has a nice story.]

 

News and Lessons from the Auto Market

“There are no hot segments,” said George Pipas, Ford’s market analyst. “And there really are no hot products.” So closes an article, “Automakers Report Grim October Sales.” GM, sales down 45%. Ford, -30%. Chrysler, -34.9%. Toyota, -23%. Honda -25%, Nissan -33%. MINI Cooper: Up 56.4%. Soon, Ford will be caring about MINI’s market of “only” […]

 

Designing Cars

I was struck by this quote in “Edgy, Yet Still Aerodynamic” an article in the New York Times about how new cars are being designed and tested: , To his surprise, in hundreds of tests at Ford’s Wind Tunnel 8 southwest of Detroit the original edges produced less drag than curved substitutes, Mr. Koester said. […]

 

December 21, 1968

It was even more exciting on a black and white Zenith. Image: Nasa photo 6871798

 

This is the farewell shoe, you dog

Bloomberg is reporting that “Shoe Hurled at Bush Flies Off Turkish Maker’s Shelves : Baydan has received orders for 300,000 pairs of the shoes since the attack, more than four times the number his company sold each year since the model was introduced in 1999. The company plans to employ 100 more staff to meet […]

 

Thoughts on the Somali Pirates

Stratfor’s podcast on the seizure of that Saudi oil tanker contained a fascinating tidbit: merchant ships are no longer allowed to carry arms at all, which, of course, makes piracy far easier. This is a dramatic transformation of the rights of merchant ships. Historically, private ships carried weapons when sailing far out of their own […]

 

Citizens, Juries and other Balances

Following on my post on Parliaments, Dukes and Queens, I’d like to talk about other checks on the power of government, besides throwing tea into the harbor. In Britian, “a jury has failed to clear police in the death of Jean Charles de Menezes.” The jury is the first group who, frankly, has not whitewashed […]

 

Evidence of Time Travel Found in China

According to Ananova, a Swiss watch-ring has been found covered in dirt in a four-hundred year old Ming dynasty tomb. The watch was found, covered in dirt. It was stopped at the time 10:06 and has the word, “Swiss” engraved on the back. The archaeologists on the dig have requested archaeologists from Beijing to help […]

 

Happy Boston Tea Party Day!

It was 235 years ago today that the Sons of Liberty threw tea into Boston harbor, and they still haven’t been able to clean the place up. Please join me in celebrating this most American response to taxation.

 

Of Parliaments, Dukes and Queens

Four interesting stories recently, all having to do with the ancient relationship between a sovereign and a parliament, or the relationship of hereditary rulership to democracy. I secretly admire the emergent forms of government which have proven stable despite their chaotic origins. I’m fascinated by these imperfectly republican nations like Canada and the United Kingdom, […]

 

As easy as dialing a phone

People often make the claim that something is “as intuitive as dialing the phone.” As I was listening to “Dave Birch interviewing Ben Laurie,” I was reminded of this 1927 silent film: Ben commented on people having difficulty with the CardSpace user interface, and it not being as intuitive as having your email address being […]

 
 

Working Through Screens

Jacob Burghardt has a very interesting new ebook, “Working Through Screens.” If one was to summarize the status quo, it might sound something like this: when it comes to interactive applications for knowledge work, products that are considered essential are not always satisfactory. In fact, they may be deeply flawed in ways that we commonly […]

 

Do Security Breaches Cost Customers?

Adam Dodge, building on research by Ponemon and Debix, says “Breaches Cost Companies Customers,” and Alan Shimel dissents in “Do data breaches really cost companies customers?” Me, I think it’s time we get deeper into what this means. First, the customers. Should they abandon a relationship because the organization has a security problem? To answer […]

 

Privacy Rights & Privacy Law

First, the European Court of Human Rights has ruled that the UK’s “DNA database ‘breach of rights’:” The judges ruled the retention of the men’s DNA “failed to strike a fair balance between the competing public and private interests,” and that the UK government “had overstepped any acceptable margin of appreciation in this regard”. The […]

 

Two Buck Barack

So the New York Times is breathless that “Obama Hauls in Record $750 Million for Campaign.” A lot of people are astounded at the scale of the money, and I am too. In a long, hard campaign, he raised roughly $2.50 per American, and spent slightly less than that. Unusually, he ended his campaign not […]

 

Eric Drexler blogging

At Metamodern.com. Way cool. I look forward to what he has to say. Unfortunately, one of his early posts falls into the trap of believing that “Computation and Mathematical Proof” will dramatically improve computer security: Because proof methods can be applied to digital systems, and in particular, will be able to verify the correctness (with […]

 

DataLossDB announces awesome new feature

The Data Loss Database, run by the Open Security Foundation, now has a significant new feature: the inclusion of scanned primary source documents. This means that in addition to being able to determine “the numbers” on an incident, one can also see the exact notification letter used, the reporting form submitted to state government, cover […]

 

Happy Repeal Day!

Today is the 75th anniversary of the repeal of the blanket prohibition of alcohol sales in the United States. Go pour some Champagne, Cava, or fine California bubbly and read Radley Balko’s excellent “Lessons of Prohibition.” Photo: Jensen.Pernille. Thanks to Sama.

 

Videos of me

The employer has been posting them at a prodigious rate. There’s: “Threat Modeling at EMC and Microsoft,” Danny Dhillon of EMC and myself at BlueHat. Part of the BlueHat SDL Sessions. Also on threat modeling, Michael Howard and I discuss the new SDL Threat Modeling Tool Michael Howard and I also discussed the new SDL […]

 

The Costs of Fixing Problems

I enjoyed reading Heather Gerkin’s article: “The Invisible Election.” I am one of the few people to have gotten a pretty good view of the invisible election, and the reality does not match the reports of a smooth, problem-free election that have dominated the national media. As part of Obama’s election protection team, I spent […]

 

You versus SaaS: Who can secure your data?

In “Cloud Providers Are Better At Securing Your Data Than You Are…” Chris Hoff presents the idea that it’s foolish to think that a cloud computing provider is going to secure your data better. I think there’s some complex tradeoffs to be made. Since I sort of recoiled at the idea, let me start with […]