Four Posts at #UnscrewingSecurity @computerworlduk

So far this year I have mostly ignored Dropsafe – it’s been unwarrantedly pushed to the back of my mind, partly because I’ve been blogging elsewhere.

I’ll address that, but in the meantime:

“Open Source has no bearing upon Software Security – Community does.”


Sorry, Eric: “many eyes” goes only so far; but at least open source engenders community…

Time again to annoy a bunch of my peers, but only the ones who skim articles rather than take time to read fully:

Security quality is disjoint from openness. Free and Open Source Software (FOSS) is clearly and famously not less secure than closed / proprietary software – but neither is FOSS necessarily more secure than proprietary.

“How A Screwdriver Teaches Something Fundamental About Security”


There are some very key lessons in security. One is that “security through obscurity” is not to be relied upon in any form.

If you were paying attention last week you should have been reading “Reducing Systemic Cybersecurity Risk” by Ian Brown (not him) at OII and Peter Sommer at LSE. This 1.5Mb, 136-page epic PDF got splashed somewhat, mostly for its defanging of the military cyber mythos. The paper benefits from careful reading – several sections feature sidebars and final paragraphs which feel as if they were bolted-on in the editing phase; they hang slightly disconnectedly and make points which I wish had been made fuller, higher-up, in greater depth and in a couple of cases in bold text.

“Zen and the Art of Data Destruction”


Why trash your hard disks? Good question…

This morning a friend pointed me to the following blog article by David Bradley

On the BBC TV news this morning, there was video footage of a man in overalls feeding hard drives, one after the other, into an incinerator. The hard drives had been pulled from computers used in the UK government’s failed ID card endeavours. Now, forgive me, it may have been purely for show and it was easier to publicly have an operative burn the disks rather than show an IT person using scrubbing software to remove all the data they contain and so allow the drives to be re-used. But. If they really are burning them, two things:

“Why should you ever trust your hardware?”


Supposedly the last computer fully comprehensible to a single person was the VAX 11-780; your phone is much worse…

Last night I attended a small un-conference run by the Tor Project – specialists in providing access to websites that your repressive Government regime probably doesn’t want you to see. They don’t exactly provide anonymity, because it’s still entirely possible for you to “out” yourself; however, the secret policemen at your ISP won’t get a log of your traffic content, and they won’t know which websites you’re contacting.

Tor is an interesting project and I recommend all readers to investigate – and possibly find some way to support – their work; but just to put this into context…
