
The Prisoner's Dilemma of Defect Disclosure

Cory Doctorow wrote an excellent piece about the disclosure of software security defects. The post “Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.” spells out the current predicament and suggests a way forward.

This topic is contemporary, impactful, and fascinating. It spans domains such as InfoSec, free speech, censorship, and private corporate rights.

Read on as I analyze the article and offer my thoughts about security vulnerability disclosures.


Knowledge Based Authentication and Data Breaches – Your Security Questions Are Belong to Us

Troy Hunt recently testified before the US Congress about data breaches. The focus was how data breaches affect knowledge-based authentication. Identity verification in a post-breach world is more challenging than ever.

His testimony is available on his blog. It is worth a read – I’ll wait here until you return.

You can watch the hearing on YouTube. (1.5 hours)

Much of his talk comes from his experience running a website that tracks data breaches. If you have not already checked your information in Have I Been Pwned, take a look. You can have it notify you if your account has been in a data breach.
