Rick Smith

Not the Droid

I recently migrated from my venerable Palm Treo 700 to a Blackberry Storm II. In between I had a brief fling with a Droid, but jettisoned it after about a day. There were two problems. First, it's too much like having a laptop instead of a phone, IMHO. Second, I don't like the security model.
When... more »

The blunt sword of legislation

Minnesota's Senator Klobuchar has co-sponsored a bill to criminalize certain behavior by peer-to-peer file sharing programs.
The bill is supposed to require a sort of informed consent by computer owners whenever a P2P file sharing program arrives. Here's what the bill wants to require:
• Ensures... more »

The cost of security failure

Marcus recently finished this 'creative project' as he calls it. Having just walked a class through numeric risk assessment, the basic lesson is especially apt.. more »

Paying for Identity

Marcus Ranum and Bruce Schneier recently had another one of their "face-offs," this time, discussing anonymity on the Internet. Bruce argued strongly in favor of it, but then so did Marcus – with a cleverly nuanced argument.
The problem with Internet anonymity is that it's so incredibly cheap... more »

Profiling ("Fingerprinting") a Browser

EFF (Electronic Frontier Foundation) has put up a web site called Panopticlick.
It collects every scrap of info from your browser that it can – a browser will divulge a lot in order to optimize its display of information – so a server can find your screen size, a list of fonts, and of... more »

RockYou and Password Choices

A social networking site called Rockyou.Com was hacked a few months ago, and someone was thoughtful enough to tell them about it in December. After some dithering, they announced it to their user community.
Unfortunately, they were trying to do site aggregation stuff – using other site login... more »