Change direction, increase speed! (or why glibc changes nothing)

The glibc issue has had me thinking. What will we learn from this? I’m pretty sure the answer is “nothing”, which then made me wonder why this is. The conclusion I came up with is we are basically the aliens from Space Invaders. Change direction, increase speed! While this can give the appearance of doing something,

glibc for humans

Unless you’ve been living under a rock, you’ve heard about the latest glibc issue. CVE-2015-7547 – glibc stack-based buffer overflow in getaddrinfo() It’s always hard to understand some of these issues, so I’m going to do my best to explain it using simple language. Making security easy to understand is something I’ve been talking about for a long

Does the market care about security?

I had some discussions this week about security and the market. When I say the market, I mean what sort of products people will or won’t buy based on some requirements centered around security. This usually ends up at a discussion about regulation. That got me wondering if there are any industries that

OpenSSH, security, and everyone else

If you pay attention at all, this week you heard about a security flaw in OpenSSH. Link to scary security flaw Of course nothing is going to change because of this. We didn’t make any real changes after Heartbleed or Shellshock, this isn’t nearly as bad, it’s business as usual. Trying to force change isn’t

What the lottery and security have in common

If you live in the US you can’t escape the news about the Powerball lottery. The jackpot has grown to $1.3 Billion (with a capital B). Everyone is buying tickets and talking about what they’ll do when they win enough money to ruin their life. This made me realize the unfortunate truth about security we

A security analogy that works

Over the holiday break I spent a lot of time reading and thinking about what the security problem really is. It’s really hard to describe, no analogies work, and things just seem to keep getting worse. Until now! Maybe. Well, things will probably keep getting worse, but I think I’ve found a way to describe