Security
Are You Blocking Flash Cookies
Spammers and people without regard for your privacy or your privacy preferences (blocking cookies means I don’t want them in any form) are insidious. Unbeknownst to many people, Macromedia Flash …
The browser wars are back: on security turf
In this article, "OSS means slower patches", David Sykes from Symantec makes some absurd claims about open source being slower to patch than closed source. “It is relying on the goodwill and best …
Security reading list
A book that I am reading right now: Between Silk and Cyanide, a true story of cryptography in the field during WWII. A free 900-page eBook from Microsoft Press: Improving Web Application Security: …
Security books to check out
https://www.wiley.com/legacy/compbooks/mcnamara/ Secrets of Computer Espionage: Tactics and Countermeasures by Joel McNamara Covers electronic and wireless eavesdropping, computer surveillance, …
Whose fault is ID theft and financial fraud? Ask your bank.
Repeat after me: Identifiers are not Authenticators. SSN: Identifies you, does not prove your identity. This is a claimed identity on its own. Credit/debit Card Number: Identifies your credit card …
Several stories that prove the world is going crazy
First out of the gate: Fedex sued a loyal customer for posting photos of furniture he made for himself out of Fedex boxes on the web. Get this, they used many…er…novel…legal …
Using threat modeling featured in new OWASP WAPT
This will be something to look forward to. I have not seen much of the theory of threat modeling end-to-end put into practice effectively or completely. And much of what I have seen of threat modeling …
25 And A Bit More Green For An X509 Certificate
That sounds like quite a deal actually. Verisign still charges an exorbitant amount of money for bits that do the same thing. -Jason From Peter Gutmann to the Cryptography Mailing list Subject: How …
Homeland Security Getting Smarter Or Staying Stupid
Getting smarter: Chertoff is a good guy. When I heard this NPR interview I remember thinking, holy crap, someone who gets it. Security is about tradeoffs and with limited resources, making the most …
Non English Internet Domain Names Likely Delayed Due To Phishing Concerns
Non-English Domain Names Likely Delayed - Yahoo! News. Social engineering attacks using similar characters to trick users are called homograph, or semantic, attacks. Also see this article on IDN …