In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical, and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, it’s time to fix that. If you have a protocol that uses SHA-1,…Read More Cryptographic Excitement
Today is the 50th Anniversary of “One small step for a man, one giant leap for mankind.” It’s an event worth celebrating, in the same way we celebrate Yuri’s Night. The holy days — the holidays — that we celebrate say a great deal about us. They shape who we are. The controversies that emerge…Read More Happy Apollo Day!
Congratulations to the 2016 winners! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J. Hoffman, Distinguished Research Professor of Computer Science, The George Washington University; Horst Feistel, Cryptographer and Inventor of the United States Data Encryption Standard (DES); Paul Karger, High Assurance Architect, Prolific Writer and Creative Inventor; Butler Lampson, Adjunct Professor at MIT,…Read More CyberSecurity Hall of Fame
That’s the subject of a thought-provoking Washington Post article, “In about 20 years, half the population will live in eight states,” and 70% of Americans will live in 15 states. “Meaning 30 percent will choose 70 senators. And the 30% will be older, whiter, more rural, more male than the 70 percent.” Of course, as…Read More Half the US population will live in 8 states
Recently, I was talking to a friend who wasn’t aware that I’m consulting, and so I wanted to share a bit about my new life, consulting! I’m consulting for companies of all sizes and in many sectors. The services I’m providing include threat modeling training, engineering and strategy work, often around risk analysis or product…Read More Open for Business
Back in January, I wrote about “The Dope Cycle and the Two Minutes Hate.” In that post, I talked about: Not kidding: even when you know you’re being manipulated into wanting it, you want it. And you are being manipulated, make no mistake. Site designers are working to make your use of their site as…Read More The Dope Cycle and a Deep Breath
I’m excited to see the call for papers for Passwords 2016. There are a few exciting elements. First, passwords are in a category of problems that someone recently called “garbage problems.” They’re smelly, messy, and no one really wants to get their hands dirty on them. Second, they’re important. Despite their very well-known disadvantages, and…Read More Passwords 2016
There is a spectre haunting the internet, the spectre of drama. All the powers of the social media have banded together to not fight it, because drama increases engagement statistics like nothing else: Twitter and Facebook, Gawker and TMZ, BlackLivesMatter and GamerGate, Donald Trump and Donald Trump, the list goes on and on. Where is…Read More The Rhetorical Style of Drama