Connection: Wiretap Laws

I’m experimenting with a new kind of post, where I simply make a connection between two or more ideas, usually with little or no commentary. Here’s the first one: Ed Felten, yesterday: CALEA II: Risks of wiretap modifications to endpoints Today I joined a group of twenty computer scientists in issuing a report criticizing an FBI plan to

Time Limits on Browser Plugins?

When Steve Gibson talked on Security Now 398 about how few users’ Java plugins are actually up-to-date, this question hit me: Should browser plug-ins have built-in expiration dates? The problem with having all of these old Java versions running around is that attacks always get better. How much more sophisticated are the attacks of today

Heads-Up for LinkedIn Users

If you have a LinkedIn account, stop what you’re doing and change your LinkedIn password immediately. I’m not kidding–just do it. Once you’re logged in, click on your name near the upper-right corner, click Settings from the menu, click the Account tab near the lower-left corner, and click Change password. Now that you’ve changed your

Internet Wiretap Bill Misses the Mark

Charlie Savage reported Monday in the New York Times that the Obama administration is seeking legislation that would require “back-doors” in all encryption products and services in the US. Of course, they cite terrorism as a primary motivation. How best to balance the needs of law enforcement (and of government in general) with the privacy

When Low Tech Is the Best Tech

We’ve been thinking about developing a quick application to replace a paper HR process—should be a simple state machine with four possible states: Submitted, Accepted, Rejected, and Completed. But then we realized we would need email notifications and a coherent security model. These requirements—workflow, notification, and security—happen reasonably well in the old paper model. Not

The Enterprise Information Protection Paradigm

It used to be that network infrastructure was one of an organization’s most valuable assets and security was geared toward protecting the infrastructure; but costs are falling, and the network has become a commodity. Meanwhile, the volume and value of information stored electronically are growing rapidly. For this reason, Dan Geer advocates a paradigm shift