Larry Hosken: New: Tag: capabilities

RSAC (the RSA computer security convention) was in town, and for a while security advertisement abounded. This ad was my favorite. Seen from across the street, the ad seemed to say that "Huntress" wa...

Permalink

Book Report: Permanent Record It's whistleblower Ed Snowden's autobiography. I'd already read+watched plenty about him and knew that he had discovered and leaked details of the NSA's unethical, illegal, and pointless spying on Am...

Permalink

Book Report: Attack Surface This novel is a sequel to Homeland and Little Brother. It's OK. It leans pretty hard on your suspension of disbelief; a major plot point involves some programmers being good both at hacking security ...

Permalink

Book Report: Cult of the Dead Cow (Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World) Nowadays we talk about the Centers for Disease Control a bunch but back in the Aughts, when we said the cDC, we probably meant the Cult of the Dead Cow. This was a group of hackers. Some of them were...

Permalink

Book Report: Silence on the Wire It's a book with ways to indirectly find out internet-security-ish info about things. E.g., if you're curious to know whether visitors to your website also frequent the San Francisco SPCA website, yo...

Permalink

If you live near SF and are interested in election machines and/or election security, you might want to visit the SF Poll Worker Practice Lab on Nov 4 where you can set up, tear down, and operat...

Permalink

Book Report: Habeas Data It's a book about recent USA data search-and-seizure law. It describes laws and supreme court cases revolving around convictions based on creepily-acquired data. So you can read about how some bay ar...

Permalink

Book Report: The Woman Who Smashed Codes Before I read this book, I vaguely knew that Elizebeth Friedman was a skilled codebreaker but figured I would never know the deets since her work was classified. But this biography pulls some impres...

Permalink

Book Report: American Spies It's a summary of the USA surveillance debacle of recent decades. Such a summary can be useful. For a lot of these tech-y news-summary books, I say "Why would I read that? I followed the news then." ...

Permalink

Book Report: Data and Goliath Bruce Schneier once again writing a normal-person-understandable policy-ish book about implications of computer security SNAFU. Plenty of organizations gather info about us. Some of this information...

Permalink

Job search is done: I accepted an offer at Token, which writes software to help banks do bank-y things on the internet. Many thanks and appreciations to folks who pointed me at places, pointed places...

Permalink

Book Report: Dragnet Nation In which a reporter explores preserving privacy, trying out tools and processes to keep governments and companies from learning about her. This book could easily have devolved into tinfoil-hattery, b...

Permalink

I'm kind of embarrassed about how long it took me to install Signal. I assumed it would take a while to set up. It's a security app written by security people. Surely there would be questions I didn'...

Permalink

Book Report: The Quantum Thief Yes it's been a few weeks since my most recent Book Report. I've been busy. Also, my shelf of New Yorkers filled up. I keep around old issues of the New Yorker to read on occasions it doesn't make se...

Permalink

Book Report: Countdown to Zero Day The story of Stuxnet, the little virus that crept into Iranian control systems and convinced them to destroy some centrifuges. I already knew the basics, but I learned from this book. Over time, ther...

Permalink

Book Report: No Place to Hide It's reporter Glenn Greenwald's perspective on the Edward Snowden story. As such, it's pretty scary. Most reporters don't know how to communicate using encryption. Thus, if you're a whistleblower han...

Permalink

Book Report: Threat Modeling There are unhelpful ways to fret over computer security. This book shows ways to channel those tendencies towards something useful. It also points out the Elevation of Privelege card game, an excuse ...

Permalink

If you lost count of the recent NSA citizen-snooping outrages but figure there are enough to justify nudging your legislators, The Day We Fight Back is a web site to guide you through that. ...

Permalink

Book Report: Exploding the Phone There are plenty of little articles about phreaking floating around; this book does a good job of pulling lots of little bits together into a flow of history. Along the way, I learned some things. E....

Permalink

Book Report: Liars and Outliers It's a book about security. It's a book about how to think your way through security problems. Not just thinking about where to throw up barriers—also about how to think up policies that won't ...

Permalink

Book Report: Broken Ballots A few people want to steal elections. A few billion people want fair elections. How do you make an election un-stealable? It's not easy. Elections do't run themselves; we need election officials. Fol...

Permalink

Book Report: The Tangled Web The Tangled Web talks about why web programming is doomed to be insecure for a long time to come. Nothing works quite right: networks, name servers, OSs, browsers, web servers, headers, cookies, form...

Permalink

Link: Cosmo, the Hacker "God" Who Fell to Earth This article about an identy thief is pretty amazing. Perhaps 25% of its amazing-ness comes from the story itself: how on earth does a 15-year old kid get so good at navigating bureaucracy that he ca...

Permalink

Book Report: Digital Forensics with Open Source Tools It's a book about how to look over a hard drive and find out "what happened here?" This is a useful skill for computer security—you might want to figure out how a virus or hacker took over a ma...

Permalink

Book Report: The Art of Intrusion It's a book of hacker anecdotes. "Kevin Mitnick" is the author name on the cover, but these are stories from other hackers. They're good stories. They're not all true stories; some of them have par...

Permalink

Book Report: Zero Day Happy USA Buy Nothing Day 2011, aka #OCCUPYXMAS. To celebrate, here's a report on a book I'm glad I checked out from the library: Zero Day. Maybe it's not quite accurate to say "I'm glad I checked o...

Permalink

Book Report: Fatal System Error It's a book about the era of botnets. It doesn't go into the technical stuff, but comes at the story from the point of view of law-enforcement folks investigating things the old-fashioned way: talkin...

Permalink

Book Report: Kingpin This book was a tough read, but not for the usual reasons. It's a biography of l33t Hax0r Max Vision. It's good, it makes sense, the facts hold together (better than you can hope for in most technica...

Permalink

Book Report: Underground I've read a few books about l33t hax0rz; so far, Underground is my favorite. It has short bios of young hackers in the 90s. There were a bunch of networks; there was an Ur-internet rising up above t...

Permalink

Puzzle Hunts are Everywhere, even Meridian High School in Idaho Tonight I played in a puzzle event. The puzzles were pretty cool! They were designed by Mike Selinker, Thomas Snyder, Tyler Hinman... and maybe others? Eric Harshbarger designed the prizes; he's a ...

Permalink

Set apartment wifi to password "openopen". Put password in the SSID so neighbors can still use it. Hackers can still snoop, but they'll have to work harder. ...

Permalink

Book Report: Nmap Network Scanning I just got back from a 9-day tour of various western USA places as the Grand Tetons, Yellowstone, Kodachrome, and Zion National Park. Along the way, I busted my travel laptop, so I haven't been upda...

Permalink

Book Report: Tetraktys I read this novel because it was recommended via a computer security discussion group at work. That doesn't sound like a good way to make decisions, does it? Oh, Amazon.com recommendations, why do I ...

Permalink

Book Report: Wiring up the Big Brother Machine Google stopped censoring in China; as a result, more Google search results are censored. The Chinese people can find less stuff now. Why? Because of the "Great Firewall". The Chinese government c...

Permalink

Link: California Secretary of State on Voting Systems I'm doing taxes today. In my California tax booklet, there's a form asking me if I'm registered to vote. That's great. We citizens are supposed to get angry about taxation without representation. ...

Permalink

chris451's comment on Caja [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] Since I switched blogging software, people who think they're commenting on m...

Permalink

Book Report: Between Silk and Cyanide It's the autobiography of the codemaster of the SOE an English spy organization during WWII. Wait! Dont' run away! It's not just math and cryptography and war. There's good stuff in here, too. Th...

Permalink

OpenID, OAuth, Learning by Gossip Last weekend, I did some programming. Well, not much programming. Mostly I did research preparatory to programming. Well, not exactly research. It was more un-research. I started out learning ho...

Permalink

Book Report: Security Engineering This book is humongous! It's a survey of security computer engineering. It doesn't go into depth on any one topic, but it's got plenty of breadth. In areas where I already knew something, this boo...

Permalink

Link: AllMyData I occasionally backed up my files. But it was always ad-hoc: zip up an archive of some files, upload it to my web server. Done by hand when I got around to it (not often). Then there was the time ...

Permalink

Link: Caja's HTML sanitizer for Javascript [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] When you write a program that's supposed to be secure, you have to plan on ...

Permalink

Link: Some thoughts on security after ten years of qmail 1.0 This guy Hans Boehm came and gave a talk at work today about upcoming C++ support for threads. That's support built into the language. It sounds like sometime in the next few years, we will have at...

Permalink

Link: Lectures on Authorization Based Access Control If you're a programmer, you might be interested in watching some lectures about Authorization Based Access Control. Some folks from an HP research lab lectured at the GooglePlex about better & e...

Permalink

Tags