Posts tagged security

security

Freedom to Tinker

With elections on our minds (vote Tuesday!) here's Ed Felton describing a new voting system called E2E-V. I'm not sure I get the nuances of the coin-flip challenge voters but it sounds like a much better system than our current black-box, insecure, privately owned machines. And of course my favorite system is Oregon's statewide mail-in system. I'm sure it's not as secure as end-to-end verifiable cryptography but I think the convenience and ease of understanding how it works means more people participate.

Recommended · Nov 5^th, 2018, 8:11 am

Strange Loop IP Spoofing Talk

An engineer at Cloudflare shares some data from the front lines of fighting DDoS attacks. He also makes the connection between DDoS and service centralization and offers some potential solutions. (Unfortunately I don't see any incentive for big companies to fix this problem.)

Oct 7^th, 2016, 9:03 am

My First 5 Minutes On A Server

Or, Essential Security for Linux Servers. Nice quick checklist.

Jun 16^th, 2016, 5:00 pm

Let's Encrypt

This is a fantastic idea! You install a bit of software on your server to automate the security certificate garbage. It'd be great for low-stakes sites where the hassle of setup is the barrier.

Dec 4^th, 2015, 5:00 pm

Apple: Untrustable « random($foo)

Leonard has a great summary of the Apple security problem: "Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing."

Sep 10^th, 2014, 5:00 pm

Heartbleed should bleed X.509 to death

Excellent rant about the state of SSL/TLS in the wake of Heartbleed. Plus: PGP!

Apr 9^th, 2014, 5:00 pm

Keybase

This looks like a nice stab at making public key cryptography more user-friendly.

Mar 6^th, 2014, 5:00 pm

AWS Tips, Tricks, and Techniques

Good list of ideas for setting up secure systems at AWS.
AWS Tips I Wish I'd Known Before I Started

More lessons learned from hosting at AWS.

Feb 5^th, 2014, 5:00 pm

Qualys: SSL/TLS Deployment Best Practices

Trying to mitigate all of the known SSL exploits is a challenge. This document is a good summary of current best practices.
Free Library of Philadelphia: Eric Schlosser on Command and Control

Remember your friend from the Cold War, existential terror? It's back in Eric Schlosser's new book. This is a great talk he gave about it. "The consciousness of our nuclear arsenal vanished, but the danger has never left us."

Sep 26^th, 2013, 5:00 pm

Bruce Schneier: The US government has betrayed the internet. We need to take it back

"To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it."

Sep 6^th, 2013, 5:00 pm

Emptyage: Yes, I was hacked. Hard.

Mat Honan is experiencing a nightmare cascade failure of interconnected services. This is a good reminder to back things up and make sure your passwords are unique for each service.

Aug 4^th, 2012, 4:00 pm

Stack Overflow: Google Authenticator available as a public service?

Some good information here about using Google's iOS Authenticator app to implement 2-factor authentication at any website.

Nov 4^th, 2011, 5:00 pm

« Older posts / Newer posts »

Showing 25 through 36 of 69 posts tagged security.

onfocus

security