Ben Gross, PhD

Identity Management - Security - User Experience

SSL Is Critical Infrastructure at Risk

Problem Areas for SSL

The security of the transactions for much of the consumer Internet relies on the Secure Sockets Layer (SSL) protocol. SSL and its Public Key Infrastructure (PKI) are critical Internet infrastructure. Most consumer Web, email, and VoIP traffic relies on SSL for security, as do substantial portions of enterprise Internet traffic, both from SSL-enabled Web applications and SSL-based VPNs.

Fundamental problems increasingly put this infrastructure at risk. Significant risks include flawed implementations of the SSL protocol and PKI, inadequate verification mechanisms for certificate issuance, limited implementation of revocation mechanisms, and involvement by state actors in the issuance process. There are no viable alternatives to the mainstream use of SSL that are currently widely accepted or deployed.

Cryptographic Flaws

The… Continue reading

ForeverSave Prevents Lost Work on the Mac

It’s happened to all of us. You are busy writing, entering data, or working on a slide deck and all of a sudden something freezes and then the application crashes. If we recently saved the document, all is well; otherwise, the inevitable expletive follows. It is 2011 and there is no excuse for not having autosave, but there are still a depressing number of applications that do not automatically save documents. Blaming the user who lost work to an application or operating system crash is blaming the victim. People are far better served by applications that automatically name, save, and version their files without requiring manual intervention. This way users can easily undo or revert to an older version after application crashes, machine hangs, and power outages, no swearing… Continue reading

Time Machine vs. CrashPlan for Backups

Trouble in Time Machine Land

In my recent article, A Simple and Effective Backup Strategy for Mac OS X, I recommended a three-part backup system: 1) a full disk clone, 2) local incremental backups with Apple’s Time Machine, and 3) networked incremental backups with CrashPlan. I found Time Machine problematic for my own setup, for reasons I explain below, so I now use CrashPlan for both local and networked backups.

For most people with configurations that are not highly customized or complicated, Time Machine is a great “set and forget backup” solution. The primary interface is a single on or off toggle switch. Its ease of use can make the difference between having backups and not having backups for many. At… Continue reading

A Simple and Effective Backup Strategy for Mac OS X

Disk is inexpensive compared to the value of your time and data. My personal backup configuration consists of three types of backups. The following combination has proven itself over the last several years and I recommend it. It includes 1) a full disk clone, 2) an incremental backup, and 3) an online backup service. This setup is redundant, quick to configure, needs little maintenance, and allows for rapid recovery of data, even with a catastrophic failure.

Details of the three-part backup strategy:

  1. A clone is a replica of your disk. One great feature of Mac OS X is that you can boot directly from a clone. This means if your hard drive dies, you can reboot from a clone on an external drive and be