With three days to the US election, the outrage machines are running on all cylinders. It’ll be easier to stay happy if you remember to notice them. To be clear, I’m not using a metaphor. Websites from news to social media use data to drive stories. Twitter’s top tweets, Facebook’s timeline, your local newspaper, but…Read More Notice the Outrage Machines
In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical, and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, it’s time to fix that. If you have a protocol that uses SHA1,…Read More Cryptographic Excitement
Today is the 50th Anniversary of “One small step for a man, one giant leap for mankind.” It’s an event worth celebrating, in the same way we celebrate Yuri’s Night. The holy days — the holidays — that we celebrate say a great deal about us. They shape who we are. The controversies that emerge…Read More Happy Apollo Day!
Congratulations to the 2016 winners! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J. Hoffman, Distinguished Research Professor of Computer Science, The George Washington University; Horst Feistel, Cryptographer and Inventor of the United States Data Encryption Standard (DES); Paul Karger, High Assurance Architect, Prolific Writer and Creative Inventor; Butler Lampson, Adjunct Professor at MIT,…Read More CyberSecurity Hall of Fame
That’s the subject of a thought-provoking Washington Post article, “In about 20 years, half the population will live in eight states,” and 70% of Americans will live in 15 states. “Meaning 30 percent will choose 70 senators. And the 30% will be older, whiter, more rural, more male than the 70 percent.” Of course, as…Read More Half the US population will live in 8 states
Recently, I was talking to a friend who wasn’t aware that I’m consulting, and so I wanted to share a bit about my new life, consulting! I’m consulting for companies of all sizes and in many sectors. The services I’m providing include threat modeling training, engineering and strategy work, often around risk analysis or product…Read More Open for Business
Back in January, I wrote about “The Dope Cycle and the Two Minutes Hate.” In that post, I talked about: Not kidding: even when you know you’re being manipulated into wanting it, you want it. And you are being manipulated, make no mistake. Site designers are working to make your use of their site as…Read More The Dope Cycle and a Deep Breath
I’m excited to see the call for papers for Passwords 2016. There are a few exciting elements. First, passwords are in a category of problems that someone recently called “garbage problems.” They’re smelly, messy, and no one really wants to get their hands dirty on them. Second, they’re important. Despite their very well-known disadvantages, and…Read More Passwords 2016