infosec ⁽¹⁹⁾

The UK Prime Minister, David Cameron, says he's going to ban strong encryption within his country. Somehow this is going to make everyone safe from terrorists. I have some questions: When that notoriously left-wing publication, Forbes, caught up with Internet security expert Bruce Schneier for his…

UK intelligence agencies are claiming that they are having to move agents who are endangered in the field, and according to this report the reason is... Edward Snowden! I must say, this has the stink of the barnyard.  Information about the nature of surveillance programs, which is…

Email I received from the ACLU this morning. Timely! Also attributed to Mr. Snowden - and I love this one: Hi David– Simple truths can change the world. Two years ago today, in a Hong Kong hotel room, three journalists and I waited nervously to…

This WaPo article gives us an historical perspective on why the Internet was designed to operate mostly with no encryption.  The money quote: This is really a great piece on how the internet morphed from an academic & defense research project to the collective nervous…

We website developers put up with a lot from those security folks.  We're constantly hearing them nag us to do boring things like scrub inputs to prevent SQL injection flaws.  Enforce up-to-date encryption standards.  Quit putting auth tokens into URLs.  All of these things would…