Don Marti

Thu 19 Jul 2012 04:58:51 PM PDT

Security links

Some recent thought-provoking articles on security.

Instead of annoying CAPTCHAs, try "Design, Limit and Trapdoor" to limit damage from problem users: DLT is better than CAPTCHA

Roll your own middlebox: Low power silent firewall (and maybe help fix the broken Internet).

DRM is not really security, but is often mixed up with it. Must-read from Charles Stross: More on DRM and ebooks. Joe Brockmeier: Publishers Starting to Reject e-Book DRM

Mozilla Persona gains features: Streamlining Login with Privacy Policy and Terms of Service APIs

Pay attention to that Persona thing. Doing passwords right is hard: Everything you ever wanted to know about building a secure password reset feature and How Companies Can Beef Up Password Security

Steven M. Bellovin on government-backed malware: Flame On! Two from Brian Krebs: EU to Banks: Assume All PCs Are Infected and How to Break Into Security, Schneier Edition.

This looks like a lot of work to do within existing web frameworks: Database level security in webapps (so do we need better frameworks?)