Discussed Articles
1) CloudFlare, SSL and Unhealthy Security Absolutism
We discuss Troy Hunt's post on security's unhealthy obsession with absolutism.
* https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/
* https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/#comment-2866817518
2) Google Chrome's Indicator Migration for Non-HTTPS Connections
Google is moving to decrease the visual trust level for HTTP sites. Is this a good thing? Should all sites everywhere need to be HTTPS by default, or does it not matter for your mom-and-pop bagel shop site?
* https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
* http://arstechnica.com/security/2015/04/ddos-attacks-that-crippled-github-linked-to-great-firewall-of-china/
3) Why Do We Judge Parents For Putting Kids At Perceived — But Unreal — Risk?
Apparently CVSS should have a modifier for the rater's estimate of the moral wrongness of a vulnerability. Research recently published in Collabra gives us some really interesting insights into how humans estimate risk based on how morally wrong they deem an action to be.
* http://www.npr.org/sections/13.7/2016/08/22/490847797/why-do-we-judge-parents-for-putting-kids-at-perceived-but-unreal-risk
* http://www.collabra.org/article/10.1525/collabra.33/
* https://twitter.com/DavidKenner/status/773160292536680449
Breach of the Week
Dropbox
User database dumps from Dropbox's 2012 breach are starting to surface, prompting Dropbox to force password resets.
* https://www.troyhunt.com/the-dropbox-hack-is-real/
* https://blogs.dropbox.com/dropbox/2016/08/resetting-passwords-to-keep-your-files-safe/
* http://www.businessinsider.com/yahoo-announces-on-demand-passwords-so-users-never-have-to-remember-a-password-again-2015-3