Mandatory HTTPS for everyone

Posted on Thu 25 May 2017 in Dispatches • Tagged with encryption, meta, networking, privacy, security • 2 min read

These days, encryption is more important than ever. You don’t need to look any farther than the national news for reasons why. Even small sites that don’t provide user accounts should consider it. I was reminded of this recently when I came across a post by Jeff Atwood …



Doctorow on Talking to Children About Surveillance

Posted on Sun 04 May 2014 in Dispatches • Tagged with nsa, politics, privacy, security, surveillance • 1 min read

Great article from Cory Doctorow on the conversations he’s had with his six-year-old daughter about mass surveillance. What’s particularly revealing is which concepts she intuitively grasps from her own experience with technology, and how that aligns with research done on the online habits of children.

Kids …



Bleach: HTML Sanitization

Posted on Mon 03 January 2011 in Dispatches • Tagged with development, html, python, security • 1 min read

Bleach is a rather clever Python module for sanitizing HTML input and auto-linking URLs. It uses a whitelist for the allowed elements and attributes (thank God), and will avoid trying to “linkify” URLs that are already within an anchor element. The way it pulls this off is to build an …



Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts (via OpenID)

Posted on Wed 09 September 2009 in Dispatches • Tagged with government, openid, privacy, security • 1 min read

This is an enormous win for OpenID, but it is also a huge risk if anything goes wrong with such a high-profile project. Obviously, it will all depend on the implementation, and if all goes well it will give OpenID the push it needs to increase the number of consumers …



Strong passwords no panacea as SSH brute-force attacks rise

Posted on Thu 15 May 2008 in Dispatches • Tagged with apple, linux, security, ssh, sshd • 1 min read

Okay, if you still have your box configured to allow remote logins as “root”, then you deserve anything you get. Otherwise, start using strong passphrases (not a password, those are too easy), or if you can swing it with your workflow, use an ssh key rather than a text-based …



Lest We Remember: Cold Boot Attacks on Encryption Keys

Posted on Thu 21 February 2008 in Dispatches • Tagged with encryption, security • 1 min read

Via Boing Boing:

This is definitely not good. Don’t leave your encrypted laptop on/suspended in public, kids! Also, if you aren’t at least encrypting your /home directory (or wherever you keep your personal files), congrats on earning the EPIC FAIL.

