Prevent HSTS Tracking →
The eponymous Martin Brinkmann, writing at his gHacks site, details the method used to disable the HTTP Strict Transport Security tracking 'feature' in browsers (specifically, in this case, within Mozilla's Firefox browser). Outstanding.
LE Seeking DNA
Kashmir Hill, writing for Fusion, reports on law enforcement efforts to garner DNA records from private sector commercial entities (read: Ancestry and 23andMe). Outstanding reportage; kudos to Ms. Hill, and Hat Tip to T. Blalock.
Sunday Security Maxim
Just Walk It Off Maxim: Most organizations will become so focused on prevention (which is very difficult at best), that they fail to adequately plan for mitigating attacks, and for recovering when attacks occur. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Saturday Security Maxim
Buffett’s Maxim: You should only use security hardware, software, and strategies you understand. Comment: This is analogous to Warren Buffett’s advice on how to invest, but it applies equally well to security. While it’s little more than common sense, this advice is routinely ignored by security managers. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
No Mandatory Decrypt... For Now →
Interesting source this time, coming from Roger Fingas, writing for Apple Insider, detailing the current Lame-Duck Administration's decision to avoid forcing corporate entities to decrypt communications for Law Enforcement Agencies.
LinkedIn Targeted By TG-2889 →
Via Norse Corporation's DarkMatters comes word of new LinkedIn targeted attacks; this time, perpetrated (allegedly) by Iranian miscreants et al. In this case, the researchers have fingered TG-2889. Read the full report here.
The 500k →
Codebreaker Granddaughter →
A litany of the quiet heroism of William Gordon Welchman at Bletchley Park, and his modern-day connections (in this case, his granddaughter's well-placed esteem). Today's Must Read.
Apple Boots In-App Ad-Blockers →
The eponymous Graham Cluley, writing at his blog, details the removal of in-app ad-blockers from the Apple Inc. (NasdaqGS: AAPL) app store.
Sunday Security Maxim
Tabor’s Maxim #2 (Cost Maxim): Security is practically achieved by making the cost of obtaining or damaging an asset higher than the value of the asset itself. Comment: Note that “cost” isn’t necessarily measured in terms of dollars. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Saturday Security Maxim
Tabor’s Maxim #1 (Narcissism Maxim): Security is an illusionary ideal created by people who have an overvalued sense of their own self worth. Comment: This maxim is cynical even by our depressing standards—though that doesn’t make it wrong. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory