20 Jul 2012 dmarti   » (Master)

Security links

Some recent thought-provoking articles on security.

Instead of annoying CAPTCHAs, try "Design, Limit and Trapdoor" to limit damage from problem users: DLT is better than CAPTCHA

Roll your own middlebox: Low power silent firewall (and maybe help fix the broken Internet).

DRM is not really security, but is often mixed up with it. Must-read from Charles Stross: More on DRM and ebooks. Joe Brockmeier: Publishers Starting to Reject e-Book DRM

Mozilla Persona gains features: Streamlining Login with Privacy Policy and Terms of Service APIs

Pay attention to that Persona thing. Doing passwords right is hard: Everything you ever wanted to know about building a secure password reset feature, and How Companies Can Beef Up Password Security

Steven M. Bellovin on government-backed malware: Flame On! Two from Brian Krebs: EU to Banks: Assume All PCs Are Infected and How to Break Into Security, Schneier Edition.

This looks like a lot of work to do within existing web frameworks: Database level security in webapps (so do we need better frameworks?)

Syndicated 2012-07-19 23:58:51 from Don Marti
