The Electronic Frontier Foundation has published a report on the State of HTTPS Security that promises to be the first in a series and is well worth reading on its own. The TL;DR version: HTTPS adoption is growing rapidly, but the current system, especially the Certificate Authorities, has much room for improvement before it actually [...]
Thanks to the announcement of Apple’s iCloud, I’ve been forced to answer several inquiries about The Cloud this week. Now, I’m coming out of hiding to subject all of you to some of it… The thing that you must never forget about The Cloud is that once information moves to The Cloud, you’ve inherently ceded [...]
First, for those who might have missed it, Google has released Google Refine, a free tool for cleaning dirty data sets. It allows you to pull in disparate data, then organize and clean it for consistency. Next, some interesting thoughts on how “anonymized” data sets aren’t, and some thoughts on the implications of this from [...]
Seth Godin asks an excellent question: Is something important because you measure it, or is it measured because it’s important? I find that we tend to measure what we can, rather than working toward being able to measure what we should, in large part because some variation of this question is not asked. I’m going [...]
But you can still evaluate the quality of the effort Likewise, there’s a lot that you can’t measure about security and risk, but you can still infer something from how the effort is pursued.
A reminder for those of you who haven’t read or watched “V for Vendetta” one time too many, it’s Guy Fawkes Day today: The plan was to blow up the House of Lords during the State Opening of Parliament on 5 November 1605… …Fawkes, who had 10 years of military experience fighting in the Spanish Netherlands in [...]
Some guy recently posted a strangely self-defeating link/troll/flame in an attempt to (I think) argue with Alex and/or myself regarding the relevance or lack thereof of ISACA’s CRISC certification. Now given that I think he might have been doing it to drive traffic to his CRISC training site, I won’t show him any link love [...]
Alex’s posts on Posts on CRISC are, according to Google, is more authoritative than the CRISC site itself: Not that it matters. CRISC is proving itself irrelevant by failing to make anyone care. By way of comparison, I googled a few other certifications for the audit and security world, then threw in the Certified Public [...]
I’ve seen some cool Walmart visualizations before, and this one at FlowingData is no exception. The one thing I wondered about as I watched was if it captured store closings–despite the seemingly inevitable march in the visualization, there have been more than a few.
Since it seems like I spent all of last week pronouncing that ZOMG! SSL and Certificate Authorities is Teh Doomed!, I guess that this week I should consider the alternatives. Fortunately, the Tor Project Blog, we learn what life is like without CA’s Browse to a secure website, like https://torproject.org/. You should get the intentionally [...]