Thank you Word Press! WordPress has turned on HTTPS for all blogs, and my blog is hosted at WordPress. They deserve recognition for being proactive in the fight for privacy. But we need more from the browsers. Continue reading
Ed Snowdon spoke yesterday at the SXSW conference on the importance of using encryption to keep the data the runs our businesses (and personal life) safe. I refresh the call to eliminate the scary warning that browsers give when using a self-signed encryption key. It does not make anyone safer, and stands in the way of regular usage of HTTPS. Continue reading
After installing Windows, I always disable all of the auto-run features on all of the drives. This one action alone will protect you from half of the malware out there. Continue reading
The bane of social networking sites is the need to register one more username, one more password, and once more to fill in some sharable details. That is sooooo 2008. I am registering with a conference so I can select interesting presentations, and reminded once again how much I hate registering for sites. Continue reading
OpenID is slowly slowly gaining adoption. Here is a list of resources relevant to cloud identity, authentication, and authorization.
Want users to use your cloud-based web site? Follow these guidelines, so that users can sign up easily and use it. Sadly, there are soooo many ways that web sites can do this wrong. The result is a bewildering variety of inconsistent and sometimes incomprehensible mechanisms that unnecessarily annoy the very users you are trying to attract. Continue reading
This post is about secure internet protocols, and mainly about a bizarre phenomenon that prevents us from using SSL security in many situations where it would be useful. What is bizarre is that I don’t think anyone intends it, but there seems to be a natural reaction that leads to less secure systems. While some might attribute this cynically to element who want to make money, I don’t think that is the real driver in this case. Instead, it seems to be natural tendency toward the “security purist” who would rather be completely open and unprotected than to be partially safe. Continue reading
Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles. Part 4 is about some strange behavior I have seen in security groups and other insanity. Continue reading