RSAC (the RSA computer security convention) was in town, and for a while security advertisements abounded. This ad was my favorite. Seen from across the street, the ad seemed to say that "Huntress" wa...
Book Report: Permanent Record
It's whistleblower Ed Snowden's autobiography. I'd already read+watched plenty about him and knew that he had discovered and leaked details of the NSA's unethical, illegal, and pointless spying on Am...
Book Report: Attack Surface
This novel is a sequel to Homeland and Little Brother. It's OK. It leans pretty hard on your suspension of disbelief; a major plot point involves some programmers being good both at hacking security ...
Book Report: Cult of the Dead Cow (Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World)
Nowadays we talk about the Centers for Disease Control a bunch but back in the Aughts, when we said the cDC, we probably meant the Cult of the Dead Cow. This was a group of hackers. Some of them were...
Book Report: Silence on the Wire
It's a book with ways to indirectly find out internet-security-ish info about things. E.g., if you're curious to know whether visitors to your website also frequent the San Francisco SPCA website, yo...
If you live near SF and are interested in election machines and/or election security, you might want to visit the SF Poll Worker Practice Lab on Nov 4 where you can set up, tear down, and operat...
Book Report: Habeas Data
It's a book about recent USA data search-and-seizure law. It describes laws and supreme court cases revolving around convictions based on creepily-acquired data. So you can read about how some bay ar...
Book Report: The Woman Who Smashed Codes
Before I read this book, I vaguely knew that Elizebeth Friedman was a skilled codebreaker but figured I would never know the deets since her work was classified. But this biography pulls some impres...
Book Report: American Spies
It's a summary of the USA surveillance debacle of recent decades. Such a summary can be useful. For a lot of these tech-y news-summary books, I say "Why would I read that? I followed the news then." ...
Book Report: Data and Goliath
Bruce Schneier once again writing a normal-person-understandable policy-ish book about implications of computer security SNAFU. Plenty of organizations gather info about us. Some of this information...
Job search is done: I accepted an offer at Token, which writes software to help banks do bank-y things on the internet. Many thanks and appreciations to folks who pointed me at places, pointed places...
Book Report: Dragnet Nation
In which a reporter explores preserving privacy, trying out tools and processes to keep governments and companies from learning about her. This book could easily have devolved into tinfoil-hattery, b...
I'm kind of embarrassed about how long it took me to install Signal. I assumed it would take a while to set up. It's a security app written by security people. Surely there would be questions I didn'...
Book Report: The Quantum Thief
Yes it's been a few weeks since my most recent Book Report. I've been busy. Also, my shelf of New Yorkers filled up. I keep around old issues of the New Yorker to read on occasions it doesn't make se...
Book Report: Countdown to Zero Day
The story of Stuxnet, the little virus that crept into Iranian control systems and convinced them to destroy some centrifuges. I already knew the basics, but I learned from this book. Over time, ther...
Book Report: No Place to Hide
It's reporter Glenn Greenwald's perspective on the Edward Snowden story. As such, it's pretty scary. Most reporters don't know how to communicate using encryption. Thus, if you're a whistleblower han...
Book Report: Threat Modeling
There are unhelpful ways to fret over computer security. This book shows ways to channel those tendencies towards something useful. It also points out the Elevation of Privilege card game, an excuse ...
If you lost count of the recent NSA citizen-snooping outrages but figure there are enough to justify nudging your legislators, The Day We Fight Back is a web site to guide you through that. ...
Book Report: Exploding the Phone
There are plenty of little articles about phreaking floating around; this book does a good job of pulling lots of little bits together into a flow of history. Along the way, I learned some things. E....
Book Report: Liars and Outliers
It's a book about security. It's a book about how to think your way through security problems. Not just thinking about where to throw up barriers—also about how to think up policies that won't ...
Book Report: Broken Ballots
A few people want to steal elections. A few billion people want fair elections. How do you make an election un-stealable? It's not easy. Elections don't run themselves; we need election officials. Fol...
Book Report: The Tangled Web
The Tangled Web talks about why web programming is doomed to be insecure for a long time to come. Nothing works quite right: networks, name servers, OSs, browsers, web servers, headers, cookies, form...
Link: Cosmo, the Hacker "God" Who Fell to Earth
This article about an identity thief is pretty amazing. Perhaps 25% of its amazing-ness comes from the story itself: how on earth does a 15-year-old kid get so good at navigating bureaucracy that he ca...
Book Report: Digital Forensics with Open Source Tools
It's a book about how to look over a hard drive and find out "what happened here?" This is a useful skill for computer security—you might want to figure out how a virus or hacker took over a ma...
Book Report: The Art of Intrusion
It's a book of hacker anecdotes. "Kevin Mitnick" is the author name on the cover, but these are stories from other hackers. They're good stories. They're not all true stories; some of them have par...
Book Report: Zero Day
Happy USA Buy Nothing Day 2011, aka #OCCUPYXMAS. To celebrate, here's a report on a book I'm glad I checked out from the library: Zero Day. Maybe it's not quite accurate to say "I'm glad I checked o...
Book Report: Fatal System Error
It's a book about the era of botnets. It doesn't go into the technical stuff, but comes at the story from the point of view of law-enforcement folks investigating things the old-fashioned way: talkin...
Book Report: Kingpin
This book was a tough read, but not for the usual reasons. It's a biography of l33t Hax0r Max Vision. It's good, it makes sense, the facts hold together (better than you can hope for in most technica...
Book Report: Underground
I've read a few books about l33t hax0rz; so far, Underground is my favorite. It has short bios of young hackers in the 90s. There were a bunch of networks; there was an Ur-internet rising up above t...
Puzzle Hunts are Everywhere, even Meridian High School in Idaho
Tonight I played in a puzzle event. The puzzles were pretty cool! They were designed by Mike Selinker, Thomas Snyder, Tyler Hinman... and maybe others? Eric Harshbarger designed the prizes; he's a ...
Set apartment wifi to password "openopen". Put password in the SSID so neighbors can still use it. Hackers can still snoop, but they'll have to work harder. ...
Book Report: Nmap Network Scanning
I just got back from a 9-day tour of various western USA places such as the Grand Tetons, Yellowstone, Kodachrome, and Zion National Park. Along the way, I busted my travel laptop, so I haven't been upda...
Book Report: Tetraktys
I read this novel because it was recommended via a computer security discussion group at work. That doesn't sound like a good way to make decisions, does it? Oh, Amazon.com recommendations, why do I ...
Book Report: Wiring up the Big Brother Machine
Google stopped censoring in China; as a result, more Google search results are censored. The Chinese people can find less stuff now. Why? Because of the "Great Firewall". The Chinese government c...
Link: California Secretary of State on Voting Systems
I'm doing taxes today. In my California tax booklet, there's a form asking me if I'm registered to vote. That's great. We citizens are supposed to get angry about taxation without representation. ...
chris451's comment on Caja
[Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] Since I switched blogging software, people who think they're commenting on m...
Book Report: Between Silk and Cyanide
It's the autobiography of the codemaster of the SOE, an English spy organization during WWII. Wait! Don't run away! It's not just math and cryptography and war. There's good stuff in here, too. Th...
OpenID, OAuth, Learning by Gossip
Last weekend, I did some programming. Well, not much programming. Mostly I did research preparatory to programming. Well, not exactly research. It was more un-research. I started out learning ho...
Book Report: Security Engineering
This book is humongous! It's a survey of security computer engineering. It doesn't go into depth on any one topic, but it's got plenty of breadth. In areas where I already knew something, this boo...
Link: AllMyData
I occasionally backed up my files. But it was always ad-hoc: zip up an archive of some files, upload it to my web server. Done by hand when I got around to it (not often). Then there was the time ...
Link: Caja's HTML sanitizer for Javascript
[Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] When you write a program that's supposed to be secure, you have to plan on ...
Link: Some thoughts on security after ten years of qmail 1.0
This guy Hans Boehm came and gave a talk at work today about upcoming C++ support for threads. That's support built into the language. It sounds like sometime in the next few years, we will have at...
Link: Lectures on Authorization Based Access Control
If you're a programmer, you might be interested in watching some lectures about Authorization Based Access Control. Some folks from an HP research lab lectured at the GooglePlex about better & e...