Morning news

Want news? – Read blogs!

I have this strange habit of reading news in the morning. Not that I have a newspaper and a cup of coffee, no. But I have a cup of tea and read the news online. Today is one of those silly days when my news feed is jammed with one single news item. Today it is Twitter – security of Twitter was improved in some way and every single newspaper and online publication in the world seems to make it their duty to make a big splash about it. Okay, maybe, just maybe, I want to get a notice of that, somewhere in a corner, three words. I definitely not interested so much as to read the whole morning news about it.

In a word, the morning news reading is spoiled. This happens from time to time. The news in this “networked world” are weird. Either there is a lot of “buzz” – irrelevant small items or everyone is copying each other on the same item all over the place. It does seem like reading the consolidated blog feed of sites you care about is, after all, the best way to get news in today’s world. We have to get used to the fact that most relevant news are not delivered anymore by general news outlets but by very specific people with a passion to write about events that matter to them personally.… -->

continue reading →

A security blog – to be or not to be?

I have been toying with the idea of starting a security blog for some time now. Today, again, was talking to my colleagues and at least one of them thinks it is a great idea.

I always look with horror at what passes as security “features” proposed to the people who just start writing websites. The frameworks are no better, they usually have a long outdated set of functions. Or some of them are defective by design. And there seems to be no place on the whole Internet to turn for help. You would not e-mail Bruce Schneier every time you need to make a password hash, would you?

So I think there must be a place where people can turn to for some information on how the proper security is built. How the user authentication should be set up, how the passwords are stored, what is a good and a bad implementation of “remember me” function and so on. Something has to be done to improve the security of all those start-up website coming online by the thousand every day. Even old companies, like LinkedIn and Citibank, get hacked because they do not do it right. The help on security must be provided somehow, somewhere.

Isn’t there such a  place already?… -->

continue reading →