Personally, I've had just about all I can't stand of making Cthulhu into a cute, funny, fuzzy cartoon character. Not because it isn't funny to take a giant inter-dimensional nightmare and turn it into fluffy bunny's best friend - it really is - but because the joke is just getting old. Enough already. But every now and then I still come across someone who manages to do it right, and this site is one. Bump to

Top 10 Misunderstandings Regarding Information Security

These ten misconceptions represent the ones I often find myself helping people at many levels, from executive to developer, to understand. Knowing them can help you achieve your security goals, and be a smarter user or customer of security products and services.
  1. It's encrypted, so it's secure.
  2. Get it working, then make it secure.
  3. The more tests the better.
  4. Open source is more secure because more people have looked at it.
  5. Algorithm X is better than algorithm Y.
  6. No one knows my algorithm, so it must be secure.
  7. Once a piece of code is deemed secure in one system, it is secure for use everywhere.
  8. There are dozens of random number generators out there, all of them adequate.
  9. Red teams need access to the code to do their jobs.
  10. If it wasn't broken into, it must be safe.
Read on to learn why these are indeed misconceptions, and why they can be dangerous.

Leopard is a Rotten Apple So Far

I finally decided to upgrade my MacBook Pro to Leopard, and really, I could not be more disappointed. If you showed me Leopard without telling me what it was, I would have guessed it was Microsoft's latest attempt at copying Aqua, or some really clever Gnome theme.

In short, Leopard is buggy, and the UI is the most un-Apple-like thing I have ever seen from Apple. I've burned enough hours fixing and working around dozens of issues, so I am not going to go the full 9 yards with screen captures and examples, but here is a sampling of my gripes...


"Does Anything Eat Wasps?," New Scientist

I grabbed this before a flight at the local book store, as I am a fan of New Scientist magazine and their podcasts. The title threw me for a loop, but the book is essentially a collection of "Last Word" questions, whereby readers ask science questions such as, "Why is earwax yellow," or, "Are green potato chips really toxic," and other readers (usually SMEs) answer. At first I thought it would be simply funny, but you know, after reading through them all, I have to say this is one of the finest pieces of edutainment I have read in the last ten years.

The book is great for reading while waiting in the car or plane, as most of the Q&As are short enough that you can read them in under ten minutes. The bottom line is that the book is so wonderful, no bookshelf should be without it. I promise you will laugh, learn, and find it nigh impossible to not run to the next person you see and start a sentence with, "Did you know...."