onfocus

Strange Loop IP Spoofing Talk

An engineer at Cloudflare shares some data from the front lines of fighting DDoS attacks. He also makes the connection between DDoS and service centralization and offers some potential solutions. (Unfortunately I don't see any incentive for big companies to fix this problem.)

• My First 5 Minutes On A Server
  Or, Essential Security for Linux Servers. Nice quick checklist.

• Let's Encrypt
  This is a fantastic idea! You install a bit of software on your server to automate the security certificate garbage. It'd be great for low-stakes sites where the hassle of setup is the barrier.

• Apple: Untrustable « random($foo)
  Leonard has a great summary of the Apple security problem: "Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing."

• Heartbleed should bleed X.509 to death
  Excellent rant about the state of SSL/TLS in the wake of Heartbleed. Plus: PGP!

• Keybase
  This looks like a nice stab at making public key cryptography more user-friendly.

• AWS Tips, Tricks, and Techniques
  Good list of ideas for setting up secure systems at AWS.
• AWS Tips I Wish I'd Known Before I Started
  More lessons learned from hosting at AWS.

• Qualys: SSL/TLS Deployment Best Practices
  Trying to mitigate all of the known SSL exploits is a challenge. This document is a good summary of current best practices.
• Free Library of Philadelphia: Eric Schlosser on Command and Control
  Remember your friend from the Cold War, existential terror? It's back in Eric Schlosser's new book. This is a great talk he gave about it. "The consciousness of our nuclear arsenal vanished, but the danger has never left us."

• Bruce Schneier: The US government has betrayed the internet. We need to take it back
  "To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it."

• Emptyage: Yes, I was hacked. Hard.
  Mat Honan is experiencing a nightmare cascade failure of interconnected services. This is a good reminder to back things up and make sure your passwords are unique for each service.

• Stack Overflow: Google Authenticator available as a public service?
  Some good information here about using Google's iOS Authenticator app to implement 2-factor authentication at any website.

• Futility Closet: Home Made
  "Sears used to sell houses by mail." Someone please put old catalog pictures side by side with modern pictures of those houses still in use.
• rc3.org - Managing my mistrust of Facebook
  "From now on, when I want to visit Facebook, I’ll be using the private browser setting in whatever browser I’m using." This is my new strategy too. What a hassle.