SSL with WordPress 2.6

September 20th 2008

This is more of a reminder to myself - you can enable SSL on WordPress, but it’s essentially an undocumented feature. This afternoon all I could find was a forum posting on enabling SSL.

There doesn’t seem to be genuine documentation on it in the Codex, at least, not documentation that pops out when you do a search.
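
For the record, the switch that the forum posting points at lives in wp-config.php. The fragment below is an added example, not text from the original post: the two FORCE_SSL_* constants are what WordPress 2.6 reads, while the surrounding file layout and the comment about the default behaviour are my own framing. Put the define() above the "stop editing" line in wp-config.php.

```php
<?php
// Added example (not part of the original post). FORCE_SSL_LOGIN and
// FORCE_SSL_ADMIN are the WordPress 2.6 switches; nothing else is required.

// Default (weak): with neither constant defined, wp-login.php and /wp-admin/
// are served over plain HTTP, so the password and the auth cookie cross the
// network in the clear.
// define('FORCE_SSL_LOGIN', false);
// define('FORCE_SSL_ADMIN', false);

// Half measure: FORCE_SSL_LOGIN redirects only the login form to https://.
// Once logged in, the admin session runs over http:// again and the cookie
// that proves you logged in is exposed on every request.
// define('FORCE_SSL_LOGIN', true);

// Corrected setting: FORCE_SSL_ADMIN forces https:// for the login page and
// for the whole admin area, so both the password and the session cookie are
// only ever sent over SSL.
define('FORCE_SSL_ADMIN', true);

/* That's all, stop editing! Happy blogging. */
```

Quick check after saving: request http://yoursite/wp-admin/ and http://yoursite/wp-login.php and confirm that each answers with a redirect to the https:// address rather than serving the page. The web server must of course already have a certificate that is valid for the blog's host name, or every admin visit will start with a browser warning.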

Posted under Information Security & WordPress

Easily Reset Passwords and OpenID

September 20th 2008

It’s no surprise that someone managed to reset Sarah Palin’s password on a freebie e-mail account. She’s a public figure and the answers to her so-called “security questions” are on the public record. It’s one thing to do personal and political e-mail on a Yahoo account but it’s DUMB to use such an account for government business when you have your very own support staff to keep that e-mail secure.

Large scale vendors like Yahoo and Google can’t help but do a bad job at authentication. This is why OpenID poses such promise - it lets us choose our authentication provider. Yes, some people will choose bad vendors. Careful people, however, get to choose safe ones.

Posted under Information Security

“Design Patterns” for Identity Systems

September 18th 2008

These are design patterns in the Christopher Alexander sense rather than the object oriented design sense: they address the physical and network environment rather than focusing on software abstractions. The patterns were introduced in my book Authentication.

There are four patterns: local, direct, indirect, and off-line.

Posted under Information Security

Senator McCain and “Internet Cryptography”

September 7th 2008

In honor of the electoral season, I’m sharing an old photograph. The occasion was a visit by Senator John McCain (R-AZ) to Secure Computing in June, 1999. We discussed possible revisions to cryptographic export controls, and he posed for photos, holding a copy of Internet Cryptography, which was ‘recently published’ back then.

I don’t want to turn this into a political blog - this posting simply reports on the visit.

Posted under Information Security