Archive for 'Computer Security'
Ed Felten on Electronic Voting
Although Ed Felten has recently gotten tons of press about his research group’s recent analysis of breaking hard drive encryption, I wanted to talk about some research that he’s done previously on electronic voting for several reasons. First, I mentioned voting in my last post. Second, I have blogged about electronic voting here […]
Posted: February 23rd, 2008 under Computer Security, Politics and Law, Technology.
Comments: none
Warrantless Wiretapping and Retroactive Immunity
One of the most highly charged pieces of legislation that has been passed by Congress in recent years is the Protect America Act. Probably the only good thing about it is the sunset provision that ensures it will expire in its current form unless Congress acts to renew it or make it permanent. […]
Posted: January 31st, 2008 under Computer Security, Politics and Law, Technology.
Comments: none
The Non-Death of RealID
Slashdot recently reported on an ArsTechnica article on the death of RealID. There are several things to take from this.
First, RealID is horrible from a privacy and liberty standpoint. This is well-known to anyone who actively concerns themselves with these sorts of issues. It is essentially a national ID card. Depending […]
Posted: November 7th, 2007 under Computer Security, Life, Politics and Law.
Comments: none
The (Near) Future of Surveillance
There’s a BBC article that was posted this past Saturday entitled Big Brother is watching us all. I am leary of reading traditional media articles about privacy because many of them are inflammatory and most seem to provide and distorted view of what most reasonable privacy advocates are actually advocating. However, I was […]
Posted: September 17th, 2007 under Computer Security, Life, Politics and Law.
Comments: none
The Principle of Least Privilege in a Democracy
There’s a principle in computer security that is the basis of access control as we know it. This principle is called The Principle of Least Privilege. The idea is that you should only provide the minimum amount of rights needed for someone to do the things they need to do. For example, […]
Posted: September 4th, 2007 under Computer Security, Life, Politics and Law.
Comments: none
Disaster Recovery Communications
Sometimes I have to try actively to avoid a “me too” post after Bruce Schneier’s latest article goes up on Wired. However, I will indulge myself this time because his latest article is about disaster recovery communications. I feel very strongly about this and Bruce speaks so eloquently about it that I would […]
Posted: August 31st, 2007 under Computer Security, Life, Politics and Law.
Comments: none
The Security of GMail
The privacy of GMail has annoyed me for some time now, but I found another reason to dislike it. Apparently someone designed a point and click tool to hack GMail accounts. It was demoed recently at Black Hat in Las Vegas.
Now, some of the things that are demoed at these conferences are pretty […]
Posted: August 4th, 2007 under Computer Security, Technology.
Comments: none
Disaster Planning and Security
Bruce Schneier’s latest article for Wired talks about disaster planning as an important part of the security process. Specifically, he’s talking about picking a disaster that has a reasonable likelihood of being mitigable. For example, it’s pointless for an individual or business to “plan” for a nuclear winter, but that might be exactly […]
Posted: July 26th, 2007 under Computer Security, Technology.
Comments: none
Email Greeting Card Scam
I am not sure if I have mentioned it before on this site, but Brian Krebs is a journalist at the Washington Post and maintains a blog called Security Fix. If you are not a security person and you only really care about computer security issues that would affect you as a generic computer […]
Posted: July 19th, 2007 under Computer Security, Technology.
Comments: none
Accountability and Data Breaches
One of the biggest reasons that computer security is so lax across many private industries is that there is a serious lack of accountability. If a business has a massive data breach, currently the only major or direct consequence of that breach to the business is a public relations problem of some degree. […]
Posted: June 25th, 2007 under Computer Security, Politics and Law.
Comments: none