Shostack + Friends Blog Archive

 

Mr Laurie – Don’t do that

Ben Laurie has a nice little post up “More Banking Stupidity: Phished by Visa:” Not content with destroying the world’s economies, the banking industry is also bent on ruining us individually, it seems. Take a look at Verified By Visa. Allegedly this protects cardholders – by training them to expect a process in which there’s […]

 

Suspect and Unusual Photographs

This picture was taken by 4 high school kids with no budget: The Telegraph has the story at Teens capture images of space with £56 camera and balloon. You can click the photo for their amazing Flickr page. It’s a good thing they were in Spain. In the UK, they’d probably have been arrested for […]

 

Metricon 4.0 Call for Papers

I suspect at least some EC readers will be interested in the Call for Papers for Metricon 4.0, to be held in Montreal, August 11. Metricon 4 – The Importance of Context MetriCon 4.0 is intended as a forum for lively, practical discussion in the area of security metrics. It is a forum for quantifiable […]

 

Would I self-publish?

A few weeks back, Dave Birch asked me if I’d publish my next book myself. I don’t think I would. I’m really happy with Karen Gettman and Jessica Goldstein at Addison Wesley, and I’ve convinced my co-authors for my next book that we should have a discussion about publishers. So why am I happy with […]

 

Brad DeLong on the bailout

Brad DeLong has a FAQ up about Geithner’s plan to purchase toxic assets on the theory that the market has undervalued them, and will in time price them properly. Among the items: Q: What if markets never recover, the assets are not fundamentally undervalued, and even when held to maturity the government doesn’t make back […]

 

Best Practices?

The BBC reports that the UK Local Government Association has a new banned words list, including our favorite, “best practices.” Andrew asked me in email if this was a best practice, and I wrote back: Does it pass the seven whys test? Why did they ban the phrase? Because it’s meaningless business speak Why is […]

 

Double-take Department, Madoff Division

The Daily Beast has a fascinating article that is a tell-all from a Madoff employee. I blinked as I read: The employee learned the salaries of his colleagues when he secretly obtained a document listing them. “A senior computer programmer would make $350,000, where in most comparable firms they would be getting $200,000 to $250,000….” […]

 

The Emergent Chaos of Kutiman

So when someone sent me a link to “The Mother of all Funk Chords,” they didn’t explain it, and I didn’t quite get what I was watching. What I was watching: …is a mash up of videos found on YouTube, turned into an entire album by an Israeli artist, Kutiman.

 

Identity is Mashed Up

I posted last month about Bob Blakely’s podcast with Phil Windley. Now (by which I really mean last month, wow I’m running behind!) Bob posts that the “Relationship Paper Now Freely Available,” and I’m embarrassed to say I stole Bob’s opening sentence. Now that I’ve actually read the paper, I’d like to remix the ideas […]

 

Happy Sunshine Week

March 15-21 is “Sunshine Week“, a government transparency initiative described by its main proponents as a national initiative to open a dialogue about the importance of open government and freedom of information. Participants include print, broadcast and online news media, civic groups, libraries, non-profits, schools and others interested in the public’s right to know. The […]

 

Joseph Ratzinger and Information Security

Joseph Ratzinger (a/k/a Benedict XVI) made some comments recently made some comments that got some press. In particular, as Reuters reports: “Pope in Africa reaffirms ‘no condoms’ against AIDS.” Quoting the story, “The Church teaches that fidelity within heterosexual marriage, chastity and abstinence are the best ways to stop AIDS.” Many of you are likely […]

 

"No Evidence" and Breach Notice

According to ZDNet, “Coleman donor data breached in January, but donors alerted by Wikileaks not campaign:” Donors to Minnesota Senator Norm Coleman’s campaign got a rude awakening this week, thanks to an email from Wikileaks. Coleman’s campaign was keeping donor information in an unprotected database that contained names, addresses, emails, credit card numbers and those […]

 

Twitter + Cats = Awesome

My smart friend James Thomson of TLA Systems has created a new benchmark in iPhone applications, Twitkitteh. Not only is it the first Twitter client for cats, but it might also be the first iPhone app for cats, as well. I’ve always accused my cats of playing the stereo when I’m not there, and it […]

 

Understanding Users

Paul Graham has a great article in “Startups in 13 Sentences:” Having gotten it down to 13 sentences, I asked myself which I’d choose if I could only keep one. Understand your users. That’s the key. The essential task in a startup is to create wealth; the dimension of wealth you have most control over […]

 

All atwitter

In re-reading my blog post on twittering during a conference I realized it sounded a lot more negative than I’d meant it to. I’d like to talk about why I see it as a tremendous positive, and will be doing it again. First, it engages the audience. There’s a motive to pay close attention and […]

 

What you talkin' 'bout?

The 110-story Sears Tower, tallest office building in the Western Hemisphere, will be renamed the Willis Tower, global insurance broker Willis Group Holdings said on Thursday. Willis said it was leasing multiple floors in the 1,451-foot (442-meter) structure in downtown Chicago to consolidate offices. As part of the deal, it will become the Willis Tower […]

 

Tweet, tweet

A few weeks back, Pistachio twittered about How to Present While People are Twittering. I picked it up, and with the help of Quine, was getting comments from Twitter as I spoke. It was a fun experiment, and it’s pretty cool to be able to go back and look at the back channel. [Update: I […]

 

What Was Wrong With the Old FISA?

The Get FISA Right group is publicizing our need to re-think the laws. They have discussion going on on their site, as well as on The Daily Kos. I recommend catching up there, or reading Adam’s recent post here. I have to ask what was wrong with the old FISA? It wasn’t a bad system, […]

 

Would Anne Fadiman buy a Kindle?

If you like books, if you like to read, you need a copy of Anne Fadiman’s “Ex Libris: Confessions of a Common Reader.” You especially need to read it if you care an iota about identity management, because the major themes in her essays are not only about books, but about identity. (In case you’re […]

 

Open Thread

I’d give you a topic, but I’m taking Hilzoy’s advice and going Galt. I’ve taken ads off the blog, given up my lucrative contract for Harry Potter and the Half-Baked Firewall, and so turn this thread over to you with but a single request: civility. So what’s on your mind?

 

What Should FISA Look Like?

Jim Burrows is working to kick off a conversation about what good reform of US telecom law would be. He kicks it off with “What does it mean to “get FISA right”?” and also here. To “get it right”, let me suggest that we need: One law that covers all spying Require warrants when the […]

 

The Lastest Big Processor Breach

So it’s now roughly confirmed, except for a few denials from Visa. First there was CardSystems, then Heartland, and maybe there’s at least one more known-to-some criminal breach at a payments processor. A lot of security bloggers have been talking about this, but I figure another day, another breach. Can’t we just get some facts? […]

 

This Data Will Self-Destruct in 5 Seconds

CSO Online has a good article on data destruction, Why Information Must Be Destroyed.” It’s mostly about physical documents, not data, but I can still make a few quibbles. The author, Ben Rothke, gives an example of a financial institution that did not live up to its regulatory requirements for properly disposing documents, and was […]

 

Welcome To The (New) Machine

If you can read this, you are now reading Emergent Chaos on its new server. We’ve also upgraded to the 4.x train of MovableType. Let us know what you think. We’re also considering a site redesign, so let us know any feature requests or design suggestions. Thanks!