Click the comments link on any
story to see comments or add your own.
Subscribe to this blog
Home :: Internet
25 Sep 2019
Earlier this year I gave a talk as a UASG Ambassador
at the eco talk at the CSA summit in Cologne.
We did a video interview which they finally finished editing
and put on their web site here.
eco have a little more info their web site at
The camera angle is a little odd but other than that I think it
came out well.
Stable link is https://jl.ly/Internet/uainterview.html
22 Aug 2019
Apropos of recent news stories about a blockchain based voting system
that was hacked before its first election, someone asked:
Perhaps final recognition that a lot of blockchain is hype? Or
simply an interesting side-story?
A blockchain can ensure that the lies you see are the same lies that
were published, but that doesn't have much to do with voting.
Voting has a very peculiar security model -- you need to verify that each
person voted at most once, you need to count all of the votes for each
candidate, and you need not to link the two. A lot of very bad voting
systems are built by people who wrongly assume that its security model
is similar to something else, which it is not.
An obvious example is Diebold who built voting machines that worked
like ATMs, which was a disaster, since the way you audit ATMs depends
on the details of each transaction being linked to the person doing
Paper ballots have a lot to recommend them. It's easy for poll
workers to observe that each voter puts one ballot into the box,
they're relatively easy to count (we use mark sense machines here) and
compared to the spaghetti code in direct recording machines, they're
quite tamper resistant.
Stable link is https://jl.ly/Internet/notvote.html
17 Mar 2019
The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS,
abbreviated as DoH. How did we get there, and where do we go from here?
See more ...
Stable link is https://jl.ly/Internet/dohsofar.html
24 Jan 2019
I'm moving some of my financial accounts to Lively, a fintech startup.
We've had the usual chit-chat about details of where the money is coming
from on the messaging system on their web site. It works fine, when
there's something new they send me a note saying to log in and check
Except that today they sent me a message through a third party "secure"
To protect the guilty, we'll call it Hubri.
See more ...
Stable link is https://jl.ly/Internet/sosecret.html
05 Sep 2018
I have recently become aware of
a blog post
from Recorded Future that
attempts to analyse the effects of the GDPR on online security.
Unfortunately, it starts by asking an irrelevant question, and then
goes on to use irrelevant metrics to come to a meaningless answer.
The premise of Recorded Future's article -- that spammers would send
more spam and register more domains because GDPR came into effect --
tells us nothing useful about how GDPR affects anything. It's the
wrong question, it's not a question most security people are concerned
with, and it ignores how spam and spammers work.
See more ...
Stable link is https://jl.ly/Internet/recorded-future.html
My other sites
Who is this guy?
Airline ticket info
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
43 days ago
A keen grasp of the obvious
My high security debit card
350 days ago
Coalition Against Unsolicited Commercial E-mail
Network Abuse Clearinghouse