-
Idea for how to secure my digital assets
Here’s an outline for how this problem could be solved. Note that this is only about “archived”, “backed-up” versions of the data, not production use. E.g. to edit my family pictures, I continue to have them on my PC. And to log into a website, I continue to use a local password manager. This is […]
-
Further thoughts on how to secure my digital assets
Further thoughts on this problem. It appears that my different digital assets should be managed using different protection levels. Examples: I don’t want my family photos to be publicly accessible. But if a few are, or even if all of them are, that’s a much smaller problem than if the login information for all of […]
-
It’s Time To Abolish SSL Certificate Authorities
Yet another case this week where unsuspecting users were compromised because a certificate authority that they had never heard of screwed up. In case you hadn’t heard, they issued a certificate for google.com (Google!) to somebody other than Google, and apparently that certificate was in fact used to compromise users in Iran. This is not […]
-
Hayden: Google Acting as a Nation-State
Great to see somebody on top of things, here Michael Hayden, previously director of the NSA and the CIA in the context of the Shady Rat attacks: “You see Google acting in some ways as nation-states used to act, exercising to the best of their ability some attributes traditionally associated with sovereign states. ‘We’re going […]
-
“HTTPS Now” Campaign Unfortunately Does Not Fix the Problem
EFF activist Eva Galperin in quoted in a ReadWriteWeb article introducing their new campaign: “HTTPS provides the minimum level of security for websites. Without it, no site can make any meaningful security or privacy guarantees to its users.” Well, wouldn’t that be nice! Particularly if HTTPS actually were providing that security. For a counter-point, read […]