Don Marti
Thu 19 Jul 2012 04:58:51 PM PDT
Security links
Some recent thought-provoking articles on security.
Instead of annoying CAPTCHAs, try "Design, Limit and Trapdoor" to limit damage from problem users: DLT is better than CAPTCHA
Roll your own middlebox: Low power silent firewall (and maybe help fix the broken Internet).
DRM is not really security, but is often mixed up with it. Must-read from Charles Stross: More on DRM and ebooks. Joe Brockmeier: Publishers Starting to Reject e-Book DRM
Mozilla Persona gains features: Streamlining Login with Privacy Policy and Terms of Service APIs
Pay attention to that Persona thing. Doing passwords right is hard: Everything you ever wanted to know about building a secure password reset feature and How Companies Can Beef Up Password Security
Steven M. Bellovin on government-backed malware: Flame On! Two from Brian Krebs: EU to Banks: Assume All PCs Are Infected and How to Break Into Security, Schneier Edition.
This looks like a lot of work to do within existing web frameworks: Database level security in webapps (so do we need better frameworks?)