Wednesday, March 30, 2011

Filtering Doesn't Work. Education Might.

Internet filtering will not keep your children safe. Your children probably know more about computers than you; they will find or make holes in your software. Even if you whitelist, ban chat and p2p programs, block Google image search, and block every video and image hosting website, you'll never come close to blocking everything. If that's your strategy, you might as well just call up your ISP and cancel. Even then, you cannot monitor your children at their friend's house, at the library, or when they grow up. Filtering can prevent you from stumbling into undesired materials, but it cannot stop someone from breaking out. Teach your children how to use the internet safely. Teach them to be good. Then trust them to make the right decisions. I call it parenting.

Monday, March 28, 2011

Warfare 2.0

Last year Stuxnet attacked rare hardware controllers used by Iran's nuclear program. This year Fukushima faces a nuclear crisis. The crisis was caused by an earthquake, but it's not hard to imagine what a well-funded attacker could do. No amount of static defense will make networks secure. The best defense is a good offense, especially in cyber warfare. State-funded attackers, criminals, and terrorists need to be hit before they hit our networks. Counter-attacks should be adapted to the target; criminal organizations or terrorist cells get less impunity than states like China or Russia. At least publicly. Anyone with a computer can play war now. But having an army of hackers isn't enough to keep you safe either—the countries of the world need to work together. We need international law to step up to the plate. If it doesn't, you can be sure things will get messy.


Inside Cyber Warfare is a good book.

Thursday, March 24, 2011

Teaching Hacking in School

Here is a video I made to show why Computer Security must be taught in school.

Monday, March 21, 2011

Smart DRM—Starcraft 2

People should be paid for their work. Technology has fundamentally changed the way we use media, yet unimaginative, manipulative executives believe that monolithic copyright laws and ineffective DRM technologies will keep their antiquated business models alive. Video games are among the most pirated software: the key verification algorithm can be reverse engineered, and key generators can be developed. Blizzard's Starcraft 2 has a better approach to this problem. You can take your Starcraft II disk and install it on any machine you want. However, in order to play you must log in with your battle.net account, which you have associated with the Starcraft II licence you purchased. The key verification algorithm is safe(r) on Blizzard's server, and you can play from wherever you'd like without having to worry about keeping track of your key; everyone wins. The key is adapting business models and copyright laws to the technology—not the other way around.

Wednesday, March 16, 2011

You Go, Girl!

It warms my heart to see women in computer science, like this hacker who was programming in x86 and C by age 14. It is baffling that there are so few women in computer science: its flexibility makes it a great profession whether you are career driven, a traditional stay-at-home mom, or anywhere in between. I don't know whether it's the misconception that computer science is for nerdy guys, or some biological difference in women's brains; all I know is a lot of women are missing out on computer science, and computer science is missing out on a lot of women.

Wednesday, March 9, 2011

Mac Hacker Interview

Today, thanks to Technocrat, I read an awesome interview with two of my hacking idols: Charlie Miller and Dino Dai Zovi. Read it.


Things I liked/found interesting:

  • Mac security is far from perfect
  • Google Chrome is good
  • Education is good—the good guys need to know. Bad guys tend to already know.
  • Apple needs to treat researchers better
  • Apple's security (like everyone else's) depends on how much it will protect their wallet.
  • "As for whether I have an exploit in my pocket, a gentleman doesn't discuss such things, but I'm not a gentleman, so yes." - Charlie
  • These guys are smart

Tuesday, March 8, 2011

There is Good

I wish we lived in a world where we could keep the front door unlocked. Sometimes in my obsession with the vulnerabilities of technology I become so overwhelmed by paranoia and distrust that I forget computers can be a force for good. For every advance made in security, it seems as if attackers make two advances. However, we can't let ourselves be discouraged; people are using computers for good. Perhaps we should count the number of ways that computers bless our lives. Then, armed with a spirit of optimism, continue to harden defenses, improve transparency, and educate users. It's easy to lose faith, but let's have hope that good will prevail and computers will continue to make our world a better place.

Tuesday, March 1, 2011

Colbert on HBGary v. Anonymous

This is Stephen Colbert's hilarious take on the recent events between HBGary and Anonymous. Via Threatpost.