Shostack + Friends Blog Archive

 

Taxpayers Stuck With Tab, but not in Seattle

In an article with absolutely no relevance for Seattle, the New York Times reports “With No Vote, Taxpayers Stuck With Tab on Bonds.” In another story to which Seattle residents should pay no attention, the city of Stockton is voting to declare bankruptcy, after risking taxpayer money on things like a … sports arena. Of […]

 

Will People Ever Pay for Privacy, Part XVI

Every now and then, a headline helps us see the answer to the question “Will people ever pay for Privacy?” Quoth the Paper of record: The seclusion may be the biggest selling point of the estate belonging to Robert Hurst, a former executive at Goldman Sachs, which was just listed by Debbie Loeffler of the […]

 

A flame about flame

CNET ran a truly ridiculous article last week titled “Flame can sabotage computers by deleting files, says Symantec”. And if that’s not goofy enough, the post opens with The virus can not only steal data but disrupt computers by removing critical files, says a Symantec researcher. ZOMG! A virus that deletes files! Now that is […]

 

Breach Notification in France

Over at the Proskauer blog, Cecile Martin writes “Is data breach notification compulsory under French law?” On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers. The guidance was issued with reference to European Directive […]

 

Active Defense: Show me the Money!

Over the last few days, there’s been a lot of folks in my twitter feed talking about “active defense.” Since I can’t compress this into 140 characters, I wanted to comment quickly: show me the money. And if you can’t show me the money, show me the data. First, I’m unsure what’s actually meant by […]

 

Age and Perversity in Computer Security

I’ve observed a phenomenon in computer security: when you want something to be easy, it’s hard, and when you want the same thing to be hard, it’s easy. For example, hard drives fail seemingly at random, and it’s hard to recover data. When you want to destroy the data, it’s surprisingly hard. I call this […]

 

Future of Privacy Seeks Input

The Future of Privacy Forum (FPF) is an interesting mix of folks trying to help shape, well, the future of privacy. They have an interesting mix of academic and industry support, and a fair amount of influence. They’re inviting authors with an interest in privacy issues to submit papers to be considered for FPF’s third […]

 

In the Spirit of Feynman

Did you notice exactly how much of my post on Cloudflare was confirmation bias? Here, let me walk you through it. In our continuing series of disclosure doesn’t hurt, Continuing series are always dangerous, doubly so on blogs. I wanted to point out Cloudflare’s “Post Mortem: Today’s Attack; Apparent Google Apps/Gmail Vulnerability; and How to […]

 

Mozilla's Vegan BBQ

The fine folks at Mozilla have announced that they’ll be hosting a BBQ in Dallas to thank all their supporters. And the cool thing about that BBQ is it’s gonna be vegan by default. You know, vegan. No animal products. It’s good for you. It’s the right default. They’ll have dead cow burgers, but you’ll […]

 

Feynman on Cargo Cult Science

On Twitter, Phil Venables said “More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec.” During the Middle Ages there were all kinds of crazy ideas, such as that a piece of rhinoceros horn would increase potency. Then a method was discovered for separating the ideas–which was to try one […]

 

Twitter Weekly Updates for 2012-06-10

RT @DeathStarPR Easy way to feel like Darth Vader: stand over a heap of dirty laundry and imagine you've just killed a Jedi. #StarWars # RT @runasand We have managed to determine exactly how Ethiopia blocks #Tor and we have developed a workaround: https://t.co/snTjeVbN # RT @derekcslater What I learned when I left security http://t.co/AexcK8NN […]

 

Edited Twitter Weekly Updates for 2012-06-10

RT @hellNbak_ @adamshostack @derekcslater anything with Scott Blake has to be worth reading. # RT @Beaker Updated BYOD security profile/policy pushed to my iPhone this morning. String passwords on phone unlock (really?) = PiTA. # Bad password policies give no benefit while absorbing your people's willingness to help with security. #Fail (cc @beaker) # RT […]

 
 

CloudFlare's Post Mortem

In our continuing series of disclosure doesn’t hurt, I wanted to point out Cloudflare’s “Post Mortem: Today’s Attack; Apparent Google Apps/Gmail Vulnerability; and How to Protect Yourself.” Go take a look, it’s worth reading, especially the updates. I take three lessons from this: Disclosing an attack allows you to control the story, and is better […]

 

Edited Twitter Weekly Updates for 2012-06-03

Cool Stuff RT @SPACEdotcom SPLASHDOWN! @SpaceX #Dragon Space Capsule Ends Historic Mission with Pacific Ocean Splash http://t.co/3H3J1cXz Cool! IE10 in Win8 Release Preview has "Do Not Track" on by default! http://t.co/HHZv8cBw #privacy # RT @gabrielgironda WE ENCOURAGED PEOPLE TO LEARN TO PROGRAM AND JUST LOOK AT WHAT HAPPENED http://t.co/IE9HeNt3 # New blog: "Washington State Frees […]

 

Washington State Frees Liquor Sales: some quick thoughts

I hate to let an increase in liberty go by without a little celebration. For the past 78 years, Washington State has had a set of (effectively) state-operated liquor stores, with identical pricing and inventory. Today, that system is gone, replaced by private liquor sales. The law was overturned by a ballot initiative, heavily backed […]