Life without Certificate Authorities

by Chandler on March 29, 2010

Since it seems like I spent all of last week pronouncing that ZOMG!  SSL and Certificate Authorities is Teh Doomed!, I guess that this week I should consider the alternatives.  Fortunately, the Tor Project Blog, we learn what life is (…)

Read the rest of this entry »

Going Dutch: Time for a Breach Notification Law

by adam on March 29, 2010

The European Digital Rights Initiative mentions that “Bits of Freedom starts campaign for data breach notification law:” A data breach notification obligation on telecom providers is already to be implemented on the basis of the ePrivacy Directive, but Bits of (…)

Read the rest of this entry »

More Bad News for SSL

by Chandler on March 26, 2010

I haven’t read the paper yet, but Schneier has a post up which points to a paper “Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow,” by Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang.about a new (…)

Read the rest of this entry »

Smoke, Fire and SSL

by Chandler on March 25, 2010

Where there’s smoke, there’s fire, goes the adage. And in the case of an allegedly-theoretical exploit outlined in a new paper by Chris Soghoian and Sid Stamm (the compelled certificate creation attack), the presence of a product whose only use (…)

Read the rest of this entry »

Well that didn’t take long…

by Chandler on March 24, 2010

The Guardian has reported the first official incident of misuse of full-body scanner information The police have issued a warning for harassment against an airport worker after he allegedly took a photo of a female colleague as she went through (…)

Read the rest of this entry »

The New School on Lady Ada Day

by adam on March 24, 2010

Today is Ada Lovelace Day, an international day of blogging to celebrate the achievements of women in technology and science. For Lady Ada Day, Andrew and I want to thank Jessica Goldstein, our editor at Addison Wesley. Without her encouragement, (…)

Read the rest of this entry »

Risks Interconnection Map

by alex on March 24, 2010

The sweet interactive version is here: http://www.weforum.org/documents/riskbrowser2010/risks/# Beyond the cool visualization, I’m really interested in the likelihood/impact of data fraud/data loss over on the left there…

Counterpoint: There is demand for security innovation

by adam on March 23, 2010

Over in the Securosis blog, Rich Mogull wrote a post “There is No Market for Security Innovation.” Rich is right that there’s currently no market, but that doesn’t mean there’s no demand. I think there are a couple of inhibitors (…)

Read the rest of this entry »

I look forward to merging your unique visibility into my own

by adam on March 23, 2010

In “White House Cyber Czar: ‘There Is No Cyberwar’,” Ryan Singel writes: As for his priorities, Schmidt says education, information sharing and better defense systems rank high. That includes efforts to train more security professionals and have the government share (…)

Read the rest of this entry »

Lessons from Robert Maley’s Dismissal

by adam on March 22, 2010

A bit over a week ago, it came out that “Pennsylvania fires CISO over RSA talk.” Yesterday Jaikumar Vijayan continued his coverage with an interview, “Fired CISO says his comments never put Penn.’s data at risk.” Now, before I get (…)

Read the rest of this entry »