…tell them to go out there with all they got and win just one for the Clipper.

The US government wants to weaken encryption and put in mandatory backdoors, which will damage security. It was a ridiculous and terrible idea the last time they tried it, in the 1990s. We’re still fighting to eliminate the security problems they introduced then. We fought this battle and settled it already; why are we fighting it again?


Bob: “You were an idiot to use LastPass. Now the hackers have your LastPass password!”

Alice: “No, they don’t. They have a hash generated with at least 5000 rounds of SHA-256. They still need to crack that or brute force your password, which isn’t likely unless they’re the NSA. And they have to crack it before I get around to changing my master password.”

Bob: “Well, I still don’t like that your passwords are all on someone else’s server where they can be stolen.

The OPM “hack” and related matters

As government officials answered questions about the recent Office of Personnel Management data breach, former and current congressional staffers processed the notices they are receiving from the agency that they, too, were affected by the breach. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China].

The “Open Web Alliance”

“OWA develops requirements for an open service optimization proxy to meet the service needs of all stakeholders in the web ecosystem while supporting the goals of encryption and privacy.” Sounds good, right? But when you start to read the news articles they link to, the true agenda begins to become apparent. Network operators are having trouble with SPDY-based web traffic because of the way the proxy encapsulates multiple traffic flows into a single encrypted tunnel, making all of that traffic invisible to the network, and in essence, disabling network-based services including firewalls, parental controls, policy management, traffic-shaping, and more.

About that word “Pro”…

« Website security is a complicated subject and you don’t want to go at it alone, especially if you’re not quite sure how everything works. iThemes Security Pro customers get 1 year of ticketed support, so you know our support team is ready to help you when you need it. […] iThemes Security shows you a list of things to do to make your site more secure with a simple way to turn options on or off.

TSA queue-jumpers: a rant

Remember the story about how rich people were hiring disabled people to accompany them in Disneyland, so that they could skip the lines for the popular rides? Remember how it turned out that there was an official service to let rich people skip the lines at Disneyland? Does it make you feel angry when some entitled 1%er gets to cut in front like that, just because they have money to burn?

Secure instant messaging: a brief guide

So, you’re angry about the NSA logging all your instant messages and phone calls, and want to do something about it? Here’s some info on what you can do. To start off, I assume that your goal is cross-platform secure messaging. That is, solutions which don’t interoperate with other platforms aren’t useful, because not all your friends use the same OS as you. Also not useful is SMS, because not everyone uses their phone for everything.


For the last 6 years, Microsoft has been quietly shipping Macrovision DRM software embedded in Windows, in order to “increase compatibility and playability” of video games. Unfortunately, there’s a bug in the DRM code which allows privilege escalation. So Windows boxes are now being pwned across the Internet. The best part: this video game DRM has been shipping in Windows Server 2003. Yeah, I bet lots of people need video game compatibility on Windows Server.

Chairs are flying

What’s slightly worse than working with whale feces? Working on security at Microsoft, according to Popular Science.

State department pwned, thanks to Microsoft

From AP via Slashdot and Yahoo: A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network. In the first public account revealing details about the intrusion and the government’s hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software.