I’ve purchased a certificate for the blog so it can run on SSL/TLS, ie have an https address.
Little did I know how much grief this would cause. However, I only locked myself out of the blog once, and with the help of of a WordPress https plugin I am gradually reducing the number of mixed-content errors.
Security really shouldn’t be this hard …
Really funny if you are into crypto. From xkcd of course.
Today is Data Privacy Day. Start your celebration with Unqualified Offerings:
Snowden’s revelations must be especially hard on the psychiatric profession. If one patient dismisses the idea that the government is spying on him, and the other is convinced that the government is working with major electronics manufacturers to put listening devices in his personal belongings, which one do you diagnose as being unable to distinguish reality from fantasy?
At a University committee meeting recently, I suggested the University should provide us all with encryption so we can protect our data on our computers, and in transit, as it was at risk of interception. The ranking University official at the meeting smiled dismissively and said something along the lines of ‘Well, if you are worrying about that…”. I said, “but it’s national policy – the President announced it.” He stopped smiling.
New infographic from EFF:
And the press release:
Dropbox, Google, SpiderOak and Sonic.net Score Five out of Five in Crypto Best Practices
San Francisco – The Electronic Frontier Foundation (EFF) today published a new infographic to illustrate how 18 service providers are encrypting communication. The chart supplements EFF’s popular “Who Has Your Back” series, which evaluates how companies respond to government requests for user information.
Over the last three weeks, EFF surveyed the companies on whether they are now employing or have concrete plans to employ a set of five best practices: Encryption of data center links, Hypertext Transfer Protocol Secure (HTTPS) support, HTTP Strict Transport Security (HSTS) support, forward secrecy and STARTTLS for email encryption.
Four of the companies surveyed-—Dropbox, Google, SpiderOak and Sonic.net—-are implementing all of the measures. In addition, six companies-—the aforementioned four, plus Twitter and Yahoo–are taking, or have committed to taking, the critical step of encrypting the connections for their data centers to protect against backdoor access like the NSA’s MUSCULAR program.
“In light of the National Security Agency’s unlawful surveillance programs, as well as other threats to network security, it is now more important than ever to deploy strong encryption throughout networks,” EFF Senior Staff Attorney Kurt Opsahl said. Like all EFF content, the infographic is available for publication at no cost under the Creative Commons-Attribution License.
For a detailed explanation of the survey, the encryption practices and the chart: https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.
xkcd: Privacy Opinions
I guess I started somewhere between the crypto nut and the nihilist. These days some conspiracist sneaks in. The NSA really is building a huge data warehouse in Utah, you know….