security
2022
Vijith Assar on Security Risks from Billionaires
·118 words·1 min
Quotes
tech
security
open source
Writing for Wired, Vijith Assar raises some excellent points on how bad actors with capital are the most dangerous threat to any system.
Capital can kill code. Capital can kill anything.
2017
18 Essential Apps for Getting Shit Done
·2366 words·12 mins
Articles
assorted geekery
tech
productivity
writing
security
OMG, a workflow post! Apps, tools, productivity, oh my!
Listen, we all know that no app can make you more productive by itself. Your methods are always more important than your tools.
Mandatory HTTPS for everyone
·310 words·2 mins
Articles
meta
encryption
networking
security
privacy
These days, encryption is more important than ever. You don’t need to look any farther than the national news for reasons why. Even small sites that don’t provide user accounts should consider it.
2014
Doctorow on Talking to Children About Surveillance
·180 words·1 min
Articles
politics
nsa
surveillance
privacy
security
Great article from Cory Doctorow on the conversations he’s had with his six-year-old daughter about mass surveillance. What’s particularly revealing is which concepts she intuitively grasps from her own experience with technology, and how that aligns with research done on the online habits of children.
2011
Bleach: HTML Sanitization
·132 words·1 min
Articles
development
python
html
security
Bleach is a rather clever Python module for sanitizing HTML input and auto-linking URLs. It uses a whitelist for the allowed elements and attributes (thank God), and will avoid trying to “linkify” URLs that are already within an anchor element.
2009
Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts (via OpenID)
·127 words·1 min
Articles
government
openid
privacy
security
This is an enormous win for OpenID, but it is also a huge risk if anything goes wrong with such a high-profile project. Obviously, it will all depend on the implementation, and if all goes well it will give OpenID the push it needs to increase the number of consumers as opposed to providers, which is a ratio that is sorely lopsided at the moment.
2008
Strong passwords no panacea as SSH brute-force attacks rise
·174 words·1 min
Articles
apple
linux
security
ssh
sshd
Okay, if you still have your box configured to allow remote logins as "root", then you deserve anything you get. Otherwise, start using strong passphrases (not a password, those are too easy), or if you can swing it with your workflow, use an SSH key rather than a text-based login.
Lest We Remember: Cold Boot Attacks on Encryption Keys
·41 words·1 min
Articles
encryption
security
Via Boing Boing:
This is definitely not good. Don’t leave your encrypted laptop on or suspended in public, kids! Also, if you aren’t at least encrypting your /home directory (or wherever you keep your personal files), congrats on earning the EPIC FAIL.