Comments on: about

By: hell if i know

hell if i know — Sat, 17 Jul 2010 06:40:01 +0000

You’re absolutely right. I have not addressed that. Chalk it up to “lost objectivity.” My next post will address it.

By: Eric Stott

Eric Stott — Fri, 16 Jul 2010 16:52:36 +0000

How would you solve the answer to the SSL bribes? I mean, would you put together a new authentication system altogether, or train internet users (that small subset of the world’s population) that the warning when either a company has refused to pay the SSL bribe, or created self signed certificates: should be ignored, or something altogether different?
Or am I missing the point altogether?

By: wth

wth — Fri, 16 Jul 2010 08:16:25 +0000

This is an outstanding question. One of my goals is to NEVER ridicule something unless:

(1) I have years of experience with it, AND …

(2) Those years have led me to conclude there has got to be a better way of accomplishing the goal, AND …

(3) I’ve invested a great deal of time identifying a better way, where “better” definitely includes “viable” but not necessarily “easy,” AND …

(4) I’ve persuaded a handful of security pros whom I deeply respect, that my “better” way is indeed better

Naturally I aim not to miss the mark here, so when I do or appears I do, I reckon it’s due to one or more of:

(a) Having so much to say, I have to say it in chunks e.g. The 9 Laws of Phishing, OR …

(b) I’ve lost objectivity from having thought about it so long, OR …

It would be helpful for me if you could point out one or two posts that need clarification.

By: Eric Stott

Eric Stott — Wed, 14 Jul 2010 07:43:17 +0000

I have read all of your blog entries: all VERY riveting.
I totally understand where you are coming from and totally agree that security is essentially a SHAM.
I am not a security guy, and so I ask: since you are a security guy -> what would you do different?
It appears to be be a lot of soap-box screaming, but with no suggestions on what to do better, what good is this blog?
Did I just waste an entire night reading every single blog entry searching for answers, only to walk away empty handed?

Excitedly waiting for some alternatives to SSL-Bribes.

By: Cormac Herley

Cormac Herley — Sat, 10 Apr 2010 00:16:52 +0000

I’m privileged then to know the Scarlet Pimpernel of security? Best of luck as you try to save sanity from the clutches of Madame Guillotine. Will this Reign of Terror never end?

By: whatthehe11

whatthehe11 — Wed, 07 Apr 2010 02:23:56 +0000

Thank you for the high compliment Cormac. To add to the mystery: We actually know each other. :)

By: Cormac Herley

Cormac Herley — Tue, 06 Apr 2010 03:09:57 +0000

Know what makes me mad as hell? Reading post, after post where the author just nails it, and not having any idea who the author is. Know what makes me madder than hell? Wishing I’d thought of that, said that, and expressed it that well. Arghhhhhhh! It’s enough to drive a body to strive to do better oneself: unacceptable.