If you’re seeing this in your feed, have you also seen a bad Star Wars joke? Because I’ve got one on the new blog. Please add, or replace the feed you’re reading with it. (This is the version of this post; the new post is just at

Read More Star Wars Jokes?

I’m in the process of replacing this site,, and the site with a new, unified I’ll be saying more about the redesign, but as part of it, I’m migrating the blog over there. There are a few new posts there that I forgot to mirror here, including: Threat Modeling Through the JoHari…

Read More Blog updates

Over the years, a number of people set up Feedburner accounts to proxy RSS from our blogs into their system. I generally have no issue with people reading how they choose, but I cannot provide support or management. Google is end of lifing the old Feedburner, and for those of you reading via Feedburner RSS, I humbly ask that you update to or (with comments).

I’ve updated the blog theme. Please let me know if I broke anything.

Voting for the 2016 Security Blogger Awards are now open, and this blog is nominated for most entertaining. Please don’t vote for us. Along with our sister blog, we’re aiming to dominate a new category next year, “most nominations without a win.”

Read More Security Blogger Awards

Hossein Derakhshan was recently released from jail in Iran. He’s written a long and thoughtful article “The Web We Have to Save.” It’s worth reading in full, but here’s an excerpt: Some of it is visual. Yes, it is true that all my posts on Twitter and Facebook look something similar to a personal blog:…

Read More The Web We Have to Save