Ken's Weblog

People should not fear their governments; governments should fear their people.

Tag: security

  • Second opinion on iCloud insecurity

    Apple holds the master decryption key when it comes to iCloud security, privacy [Ars Technica]

    The folks at Ars Technica noticed the same thing I did about their earlier article and actually investigated.

  • IT actually concerned about security

    ‘Microsoft We Don’t Feel So Good About’.

    David Gelles and Richard Waters, in a piece titled “Google Ditches Windows on Security Concerns” in the Financial Times:

    New hires are now given the option of using Apple’s Mac
    computers or PCs running the Linux operating system. “Linux is
    open source and we feel good about it,” said one employee.
    “Microsoft we don’t feel so good about.”

    [Daring Fireball]

    I wish the “security” company I worked for had that much sense. Unfortunately, they make it as hard to get Mac (or Linux) machines as Google has made it to get Windows. And since the Powers That Be decided to “outsource” our entire IT department to a company that manufactures Windows PCs, I don’t expect that to change any time soon.

  • Uninformative browser warnings

    Security Certificate Warnings Don’t Work. angry tapir writes “In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users). The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web. They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites.”

    [Slashdot]

    Every time I’ve encountered a certificate warning it’s been for a perfectly valid but self-issued certificate. If the people in the experiment have had similar experiences, it’s not surprising they would have gotten into the habit of ignoring the warnings.