Everything Tagged "Security"

(In reverse chronological order)

A letter on NSA surveillance

I wish I could make more concrete policy recommendations, but in this case all I can say is “this looks troubling.” Here’s the letter I sent to my representatives today:

Dear Senator Feinstein,

It Boggles the Mind

Microsoft released this little gem today, fixing a bug which allowed remote code execution on all Windows Vista, 6, and Server 2008 versions.

...allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.

Do not expose Riak to the internet

Major thanks to John Muellerleile (@jrecursive) for his help in crafting this.

Actually, don’t expose pretty much any database directly to untrusted connections. You’re begging for denial-of-service issues; even if the operations are semantically valid, they’re running on a physical substrate with real limits.

Systems Security: A Primer

The riak-users list receives regular questions about how to secure a Riak cluster. This is an overview of the security problem, and some general techniques to approach it.


Hello, law enforcement!

Hello, law enforcement. I suspect you’re reading this because, as a TSA supervisor told me recently, “… we are interested in you”.

Yes, I asked to fly selectee–to not provide ID–at Denver International recently. Yes, I’ve done this before. Yes, there was a lot of confusion between TSA employees on whether that was legal or not–eventually M. Gatling of the DIA police told me I was required to display ID. Yes, I opted out of AIT. Yes, it did take no fewer than eight TSA officers, airline representatives, and police about 45 minutes to determine I posed no threat. Yes, I was exceedingly polite, and most of us got along quite well. Yes, I was asked all kinds of questions I was under no obligation to answer (among them my address and phone number), and no, the TSA supervisor was not very pleased that I asked whether I was legally required to respond.

Breaking Into Cars

Carrie (one of my summer housemates) locked herself out of her car earlier this week. She gave Justin and I a call, asking us to contact a local locksmith. Rather than go to the expense of calling a locksmith after hours, we offered to try to break in first.

I’d never tried, or really thought about, breaking into a car before. I don’t drive my car very often, and I don’t tend to leave my keys behind, so it had never really occurred to me that I might need to know how, but here was a chance to find out. We stopped by the house, picked up a wire coat hanger and a pair of wire cutters, and drove out to the store she had parked in front of. “Thank goodness you’re here,” she exclaimed, and showed us her key-containing purse, neatly tucked away on the back seat.