“New Atheism” & The Philosophy of Atheism
A recent (very) public fracas between Richard Dawkins and Glenn Greenwald (both people who I respect, though for rather different reasons) left me thinking about the direction that the “New Atheism” movement is taking, and where atheism itself should be going. Religion is a difficult topic to discuss, as it evokes such passion that you often move past logic into purely emotional discussions. Some atheists, unfortunately, are just as zealous that they too lose sight of logical discourse.
Read more…The Manifesto
As a child, all of my time was spent reading – at the age of 8 or 9 I was staying up all night reading the likes of Dickens and Verne, at 11 or 12, I was tearing through encyclopedias, medical texts, and anything else I could get my hands on. I had a love for learning, for understanding, a desire to know everything, and an insatiable curiosity that often led me in interesting directions (in that ancient curse “may you have an interesting life” kind of way).
Read more…Responsible Disclosure Is Wrong
The debate around how, where, and when to disclose a vulnerability – and of course to whom – is nearly as old as the industry that spawned the vulnerabilities. This debate will likely continue as long as humans are writing software. Unfortunately, the debate is hampered by poor terminology. Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details.
Read more…Crypto Front Door: Everyone Welcome!
For decades, the US Government has fought — sometimes with itself — to prevent the use of secure cryptography. During the first crypto war, they allowed strong cryptography within the US, but other countries were limited to small keys — making brute force attacks practical. But what about those pesky US citizens? They didn’t really want them to have strong crypto either — enter key escrow. What is key escrow? According to Wikipedia:
Read more…The Evolution of Paranoia
That researchers from Kaspersky Lab uncovered malware that uses hard-drive firmware has now been throughly discussed — perhaps too much for some people. It’s not exactly Earth-shattering news either, the idea has been discussed for years, and has been publicly demonstrated. Brandon Wilson and I were even working proof of concept for SSD controllers to demonstrate this based on our BadUSB work. This isn’t about that story, exactly. This is about paranoia, and how it has changed over the last few years — and even the last few months.
Read more…Utopia Found; Utopia Lost
Sometime in the 1990’s I used a 2400-baud modem and connected to the internet for the first time; I found a new world, a better world. A world where ideas and intellect set people apart, not skin color, or political affiliation, of even the pseudo-scandal of the day (which is probably just a disguise for ignorance and intolerance). It was a time of invention, in a world where everything was new and the potential was unlimited.
Read more…Irrational Attribution: APT3.14159
Note: This is satire / fiction; well, more or less – probably more more than less. Any resemblance to real companies, living or dead, is purely coincidental. WASHINGTON, D.C — Unnamed White House officials that spoke on the condition of anonymity, have stated that a major American company has been hacked, and the attackers are threatening to release terabytes of proprietary information. The name of the company has not been released at this time.
Read more…On NSA-Proof Security
@KimZetter We need to distinguish between "proof against NSA dragnet", "proof against NSA PRISM", and "proof against NSA TAO". @runasand — zooko (@zooko) September 17, 2014 For a long time, “military grade encryption” has been a red flag for snake oil, over-hyped, under-performing garbage, so much so that it’s become a punchline. Anytime that phrase is seen, it’s assumed that the product is a joke – quite possibly doing more harm than good.
Read more…A backdoor by any other name…
Yesterday James B. Comey, the Director of the FBI continued the propaganda campaign against encryption with a fresh batch of lies and misdirection. The FBI has been pushing to add backdoors to cryptosystems around the world – no matter how many people they put at risk in the process. Starting in the 1990’s, the FBI has been at the forefront of trying to make their job easier by endangering the world.
Read more…The Sinking Ship of E-Mail Security
E-Mail, the venerable old standard for internet text messages, dating back to the early 1980s – and back to the early 1970s in other forms, has long been the “killer app” of the internet. While so many companies try to make the next great thing that’ll capture users around the world – none of these compare to the success of e-mail. It is likely the single most entrenched application-layer protocol used today.
Read more…
About Me
Security Architect at 1Password. Security researcher, engineer and software developer with more than 20 years of experience.
Work: I primarily focus on application security, usable security, secure communications, and cryptography. I build and lead strong and dynamic teams, who cover all facets of security and privacy.
Writing: I write about my research, security in general, development and software design, and leadership through my blog, essays, and various publications. I also engage in some creating writing when I can.
Photography: I am a purist fine art photographer, working primarily in black & white, and focused on sharing new perspectives of the world. Limited edition prints of my work are available on my online gallery. I also have a background in photojournalism, and volunteer in this field when I can.