Certifiably Silly

Over at “The Security Practice,” Michael Barrett writes about “Firefox 3.0 and self-signed certificates.” Neither he or I are representing our respective employers.

…almost everyone who wants to communicate securely using a browser can afford an SSL certificate from CAs such as GoDaddy, Thawte, etc. The cost of single certificates from these sources can only be described as nominal.

There are all sorts of use cases where $29 is not chump change. For example, I own about 8 domains, that’s $240 in “security taxes.” People in the third world would like to communicate securely. But most importantly, the idea assumes that it’s ok to have an infrastructure which is mostly unencrypted, and we may only trust encryption only after the certificate priests bless it. When I wrote about turning on “opportunistic encryption for PostFix,” my goal was encrypting all email. There’s no need for a CA. The threat model is passive adversaries, and there are lots of those.

My company is a major target of phishing, and as such we’ve spent quite a bit of time researching what anti-phishing approaches work We published a whitepaper on this topic (which can be found on the company blog at www.thepaypalblog.com), which explains this in detail. However, a couple of relevant conclusions are that: 1) the vast majority of users simply want to be protected, 2) there’s no single “silver bullet”, and 3) that what we describe as “safer browsers” such as IE 7, and Firefox 3.0 are a significant part of the solution based on their improvements in user visible security indicators and secure-by-default behaviors.

You can’t always get what you want. Really, most people have little understanding of the issues. I think this is in large part because we’ve been talking down to them, in some part because the issues are complex, and in some part because it’s not important enough for them to want to become educated. It’s especially not important enough in light of debates like this one. We should try (sometime) to give people what they need.

I think we’d agree that the vast majority of users want, need and deserve protection that’s as simple and effective as we can make it. I don’t think blocking self-signed certs is a large part of that goal.

I conflated two or three separate ideas in that last sentence, and I should explain them. The general logic is that most users should never be presented with a security dialog that gives them a choice – if they are, there’s typically at least a 50:50 chance that the wrong decision will be made. Instead, the browser should make the decision for them. However, in the case of self-signed certificates it’s almost impossible to see how any technology can disambiguate between legitimate uses and criminal ones.

When viewed through this lens, the changes to the Firefox user experience for self-signed certificates makes perfect sense.

Even viewed through the lens presented, the self-signed experience doesn’t make perfect sense, unless you start with the assumption that a $29 SSL cert has some useful security value. I don’t believe it does. What it does is get rid of the ‘self-signed’ warnings. There are cheaper and easier ways to do that. Most of the certificates out there are signed by a company that the relying consumers have never heard of. There’s just not that much verification that can be done for $29. Today, anyone who’s broken into a company’s mail server can buy a fake cert with a stolen credit card.

Now, Michael’s employer is under massive attack. I am sympathetic to their desire to improve things, and I applaud a lot of things that they do. For example, their use of one time password tokens is great. I also think there’s great value to pushing people to recent browsers.

At the same time, it’s sensible for them to want to shift risk-part of me even welcomes the risks and attacks hitting the CAs. But I think that imposing yet another security tax, based on a static analysis of attackers, and some certificate authority pixie dust isn’t going to help things for very long.

And given the very real costs and the very fuzzy benefits, I think that breaking self-signed certificates is the wrong approach. What’s the right approach? I wrote “Preserving the Internet Channel Against Phishers” three years ago. I think that the advice isn’t silly at all.

Congratulations to Raffy!

security visualization.jpg
His book, Applied Security Visualization, is now out:

Last Tuesday when I arrived at BlackHat, I walked straight up to the book store. And there it was! I held it in my hands for the first time. I have to say, it was a really emotional moment. Seeing the product of 1.5 years of work was just amazing. I am really happy with how the book turned out. The color insert in the middle is a real eye-catcher for people flipping through the book and it greatly helps making some of the graphs better interpretable.

I’m really excited, and look forward to reading it!

That’s an address I haven’t used in a very long time.

Well, I got a letter from BNY Mellon, explaining that they lost my data. The most interesting thing about it, I think, is where it was sent, which is to my mom. (Hi Mom!) I had thought that I’d moved all of my financial statements to an address of my own more than a decade ago. I’ve been meaning to call BNY and ask questions, but haven’t had time.

The letter is dated June 9, regarding a February 27th loss by Archive Systems, Inc. The three-plus month delay annoys me. Archive Systems isn’t named in the letter. I had to look at Data breach at New York bank possibly affecting hundreds of thousands of CT consumers to discover that.

The signup experience for the “Triple Alert Monitoring” from Experian was not awful, but it was pretty poor. It demanded lots of personal information, wasn’t clear how it was going to be used. Experian stuffed a long terms and conditions into a three line at a time scroll box, clearly indicating that they don’t expect anyone to read it. Their web site silently relied on Javascript, and it wasn’t at all clear how long I’m enrolled for. I have little doubt I’ll start getting renewal notices in three months.

Incidentally, I’ve Been Mugged has a review of Triple Alert.

Watchlist Cleaning Law

Former South African President Nelson Mandela is to be removed from U.S. terrorism watch lists under a bill President Bush signed Tuesday…
The bill gives the State Department and the Homeland Security Department the authority to waive restrictions against ANC members.

This demonstrates that greater scrutiny must be placed on the decisions about who gets placed on terrorist watch lists and other government blacklists. It took a long time for Nelson Mandela to get off the list, and I wonder whether anybody who isn’t of Mandela’s stature stands a chance getting off the list. The story also raises questions about just who is designated a terrorist. There must be greater accountability in creating these lists.

(Dan Solove, “U.S. Government Finally Recognizes that Nelson Mandela Isn’t a Terrorist.”)
I fully agree with what Dan says, and would extend it to creating, maintaining and using such lists. But I wanted to comment on something which struck me. The story says (accurately) that the law “gives the State Department and the Homeland Security Department the authority to waive restrictions,” and also states the sense of Congress. Why doesn’t the bill simply order the removal of all such people, and give them actionable rights if they aren’t removed?

The bill is HR 5690.

This Is Not Writing; You Are Not Reading

The Paper of Record has a hilarious article, “Literacy Debate: Online, R U Really Reading?” which asks important questions about what Those Darn Kids are doing — spending their time using a mixture of hot media and cold media delivered to them over the internets.

I’ll get right to the point before I start ridiculing the ridiculous, and answer the question. No. Of course not. It’s not really reading. This is not text. It is not the product of hot lead type lovingly smearing a mix of kerosene and soot over wood pulp. It’s a bunch of pixels, and those pixels are whispering directly into your brain. You are not reading, you’re hearing my snarky voice directly massaging your neurons. That doesn’t happen when you read. People don’t see things or hear things when they read. Ask Anne Fadiman if you don’t believe me. She knows.

Let’s look at some of the statements in the article:

Few who believe in the potential of the Web deny the value of books. But they argue that it is unrealistic to expect all children to read “To Kill a Mockingbird??? or “Pride and Prejudice??? for fun.

It is unrealistic to expect any children to read Austen. Austen is arguably the second best writer in all of English, but she requires emotional experiences that children do not have. Pride and Prejudice is no more children’s reading than 1984 is. Trust me on this, I know. I read 1984 when I was ten, and when I re-read it in college, I was gobsmacked to learn that there is sex in it.

Some traditionalists warn that digital reading is the intellectual equivalent of empty calories. Often, they argue, writers on the Internet employ a cryptic argot that vexes teachers and parents. Zigzagging through a cornucopia of words, pictures, video and sounds, they say, distracts more than strengthens readers.

They said pretty much the same about Dickens. Until relatively recently, no serious scholar of literature (read college professor) would admit to reading Dickens. Personally, I agree. These days he’s considered a classic, and the non-serious scholars won’t admit to reading him.

Last fall the National Endowment for the Arts issued a sobering report linking flat or declining national reading test scores among teenagers with the slump in the proportion of adolescents who said they read for fun.

And of course we can fix this by denigrating what they do read, as opposed to finding things for them worth reading.

“Whatever the benefits of newer electronic media,??? Dana Gioia, the chairman of the N.E.A., wrote in the report’s introduction, “they provide no measurable substitute for the intellectual and personal development initiated and sustained by frequent reading.???

I’ll do my part. I resolve to start writing my blog posts, okay? Do you want them in printing or copperplate?

[Synopsis: Nadia’s mother tries to instill a love of books in Nadia. Nadia does not respond until they get a computer, when Nadia gives up TV for fanfic.]

Now [Nadia] regularly reads stories that run as long as 45 Web pages. Many of them have elliptical plots and are sprinkled with spelling and grammatical errors.

Which the masters of modern literature such as Pynchon and Joyce would never do. Austen never had elliptical plots, they were circular, and she was merely eccentric.

Nadia said she wanted to major in English at college and someday hopes to be published. She does not see a problem with reading few books. “No one’s ever said you should read more books to get into college,??? she said.

And this is a problem?

Reading skills are also valued by employers. A 2006 survey by the Conference Board, which conducts research for business leaders, found that nearly 90 percent of employers rated “reading comprehension??? as “very important??? for workers with bachelor’s degrees.

I don’t know about you, but I wonder what sort of people the 10+% of employers are who think that reading comprehension is not very important. What sort of Dilbert-refugees are they? I find that “nearly 90%” to be disturbing.

Some literacy experts say that reading itself should be redefined. Interpreting videos or pictures, they say, may be as important a skill as analyzing a novel or a poem.

Ah, the word “may.” I’ve ranted about it before. It is true that interpreting pictures may be as important as analyzing a novel. It certainly is if you want to appreciate El Greco. But that’s not the point. As much as I like sneering at moderns who think Dickens is literature, times change. It may, indeed. Joyce may have written grammatically. Austen may be suitable for children. Reading comprehension may be important for workers with bachelor’s degrees. And Shakespeare’s works may have been written by another man of the same name.

I am disdainful of hot media, but the Web is the rennaissance of cold media. It’s an aberration in a slide to hotter and hotter media. Also realize that cold media is relatively recent. Most of human history had its literature in songs and pantomime.

Lastly, remember that kids have been no damned good for as long as we’ve been writing at all. The pinnacle of civilization was when we were in the caves, and it’s been a long slow slide into perdition ever since. Every generation is worse than the previous one. It will continue to be that way. These kids are going to sigh with exasperation and not understand why their kids roll their eyes at Sailor Moon. And they just not going to understand the true art form of fanfic and slashfic. Tsk.

Keeping abreast of the threat


The German Bundespolizei have announced what the BBC are calling a “bullet-proof bra“.

It may sound like a joke, but this is a serious matter – the policewoman who came up with the idea said normal bras can be dangerous when worn in combination with a bullet-proof vest.
“The impact of a bullet can push the metal and plastic bits of the bra into an officer’s body, causing serious injury,” said Carmen Kibat, an adviser on equal opportunities for the Hamburg-based Bundespolizei – Germany’s federal police force.
“I always thought normal bras posed a safety risk and I wanted to change that,” she said.

Now, I’m sure Frau Kibat’s heart is in the right place, and I would certainly not want it to be pierced by either a bullet or a brassiere clasp or underwire fragment, but I have to suggest here that “I always thought” doesn’t suggest that the decision to develop this article was made based on empirical data.
While I admit it’s interesting to see “Polizei” on a brassiere, it’d have been better to ask those that are concerned about the “risk posed by normal bras” to simply buy one that is made entirely of cloth, since they are readily available through non-governmental channels.
Photo: Reuters, via Die Welt

Instant Ice Age

Science reports in, “The Year the World Froze Over:”

It sounds like the stuff of science fiction, but nearly 13 millennia ago Europe was plunged suddenly into a deep freeze that lasted 1300 years–and the change happened in little more than a year, according to new data. The evidence also suggests that strong winds, not ocean currents, drove the rapid climate change.

Well worth reading.

Black Hat (Live) Blog: Keynote

Ian Angell from the London School of Economics gave a great keynote on complexity in systems and how the desire to categorize, enumerate, and add technology can break things in interesting ways.

An example of his: there’s an increasing desire among politicians and law enforcement to create huge DNA databases for forensic purposes, to aid in crime fighting and whatever. This will work until criminals start collecting DNA samples and scatter them at a crime scene creating confusion.

Angell didn’t mention a counter-measure, and I have one that I’m sure the politicos will want to use: make the possession of DNA a crime. There’s the obvious exemption for your own DNA, but this brings new and important expansions of the old standby of “inappropriate contact.”

This brings me to a complaint and irony about the “improvements” to Black Hat this year. The ironies occurred to me as Angell was speaking, talking about the ways added complexity brings new ways to fail.

One of the Black Hat improvements is that Black Hat is adopting a number of cool web-isms. There’s a Twitter feed, for example. They’re encouraging blogging by handing out blogging credentials for Defcon. This good and cool.

However, one of the other improvements is to move The Wall of Sheep from Defcon to Blackhat. Professor Angell’s cat Oscar would have a thing or two to say about that. However, Nick Matthewson of Tor said it best, I think.

If you are not familiar with The Wall of Sheep, it is a project in which the shepherds run a protocol analyzer on the network looking people using insecure protocols, plaintext passwords, and the lot. They quasi-anonymize them and then offer them up for what in Puritan days would be a pillory.

Nick’s comment about this, was that it’s a very 1990s thing. Here we are in the late aughties, and you have assume that if someone is at a security conference and using a non-secure protocol, that it is a lot like not wearing pants. If you’re at a conference in Vegas and someone there is not wearing pants, it’s probably wise to assume that they know they’re not wearing pants, and that they are not wearing pants for some reason.

I was paying enough attention at the time to note that Nick was wearing a kilt when he said that.

The Wall of Sheep is the Pants Police. They run a Pants Panopticon in which they rush around madly looking for people with no pants and posting them up on the Wall of No Pants. They’ve decided on their own that a lack of pants is a ridiculable offense, even for people who know they’re not wearing pants, and don’t care what you can see. Even moreso, they also post the mere rumor of pantslessness. I have heard tell that some people enjoy hacking the Pants Police by telnetting to some service and typing in usernames and passwords to be sniffed. I would never do that myself, but I’ve heard stories. They’re actually more the Pants TSA than the Pants Police, but Pants TSA doesn’t alliterate.

The Angell-quality irony here is that all these new communications systems that on the one hand we’re being encouraged to use are — questionable. Twitter looks a lot like knickers to me. And let’s face it, WordPress won a Pwnie award for the incredible number of vulns they’ve coded.

In short, you’d be a fool to use Twitter at Black Hat, or to blog, or — well, use DNS. For Pete’s sake, we’re being told to set up manual arp entries. (Yes, I know. You can use a VPN, or you mobile, or something else. That’s all very good, but once the Pants Police decide your Bermudas look like Speedos to them….)

The message of Black Hat that people should take away is that nothing is safe. That’s not necessarily bad. If we wanted houses to be safe as houses, we’d take out the windows and turn off the electricity. Technology is risk, as Angell said eloquently and entertainingly.

This is just more of the security wags naming, shaming, and blaming the victims. Is the message that one should take away from Black Hat is not to use a computer there? Even Professor Angell isn’t that pessimistic. He thinks that four ounces in an eight-ounce tumbler means you have too much glass.

Which is it at Black Hat? Web or no web? Pick one. Either Black Hat is (like Defcon) an open free-for-all in which griefing is just another way to spell 1337 and you’re a fool to bring electronics, or it’s an information exchange between smart people who blog, Tweet, and Plurk. Is a handshake a greeting, or a way to get a DNA sample? Are we using cutting edge or trailing edge technologies? If the former, remember that their security is going to suck until they get beat up — cutting edge techs can make you bleed. To phrase it another way, pick a century we’re in — 20 or 21. It matters less which one you pick than that you pick.

I hope it’s 21. I think Twitter is twee, but I’ve been using it and I smile when I do. (Plurk is much cooler, but I can hear The Good, The Bad, and The Ugly theme every time I go there.) I truly believe that blogging is just journalism in the cheapest free press civilization has ever had. AJAX is scary, but it’s scary in the way that driving a go-cart is scary. I don’t want to have to worry about the Pants Police, too, to make fun of me if I’ve misconfigured something I’m not as adept at as IRC. I’d like to deliver a live blog about the opening keynote on the day it was given, as opposed to while I’m still alive.

I think Black Hat is moving in a very good direction to make information flow better, more interesting, and more fun. Let’s just leave the old school hectoring back in dot.com era, and find out how to fix the new things by using them.

Does this mean we can revise our opinion of Friday the 13th?

Knights Templar Being Burned

According to The Daily Telegraph, the Knights Templar are suing the Vatican for all that money they lost in 1307. (The Telegraph has a companion article here as well.)

This adds up to a nice round €100 billion. The Telegraph didn’t say whether that is American billions (thousand million, 109) or English billions (million million, 1012), and given that the Templars were The World Bank of the turn of the previous millennium and there’s 700 years of interest involved, it’s not obvious how many zeroes need to go at the end.

Last October, the Vatican released copies of the parchments documenting the Templar Trials after having them been “misfiled” for over three hundred years. (My house has nearly as many books as the Vatican, squished into a much smaller space, so I completely understand how that could happen.)

These parchments reveal that in fact the Templars were found to be not guilty of heresy at the time, but Pope Clement V let them be disbanded and burned at the stake anyway because King Philip IV of France was being really cranky about it. (If you follow US foreign policy, you should completely understand how that could happen, as well.)

The major dodgy thing about the suit is that the Spanish group claims that their suit is not to reclaim damages but only to restore the good name of the Templars. Yeah, uh huh, sure. Then why aren’t you suing for a single Euro?

Perhaps the Freemasons will weigh in on this. Among the many Fun Templar Facts, there’s a surprisingly good theory that they’re founded by escaped Templars. Other Fun Templar Facts include that Friday the 13th is considered unlucky because that’s when they were all rounded up; that the burned Templar Grand Master, Jacques de Molay, was the 23rd Grand Master; and that Jacques de Molay was the inventor of Molé sauce.

Photo is of Jacques de Molay being sent to burn at the stake, via the GETTY and the Daily Telegraph web site.

Cleared Traveler Data Lost

Finger on print reader

Verified Identity Pass, Inc., who run the Clear service have lost a laptop containing information of 33,000 customers. According to KPIX in “Laptop Discovery May End SFO Security Scare” the “alleged theft of the unencrypted laptop” lost information including

names, addresses, birth dates and some applicants’ driver’s license numbers and passport information, but does not include applicants’ credit card information or Social Security numbers, according to the company.

We are also told:

The information is secured by two levels of password protection, the company reported.

Two levels of passwords. Wow. I guess you don’t need to encrypt if you have two levels of passwords.

The TSA suspended enrollment of new customers, but existing customers can still use the service. So if you stole the data and can use it, you’re Clear.

Update: They found the device. Chron article here. “It was not in an obvious location,” said a spokesperson.

Privacy Enhancing Technologies and Threat Modeling

Steven Murdoch and Robert Watson have some really interesting results about how to model the Tor network in Metrics for Security and Performance in Low-Latency Anonymity Systems (or slides). This is a really good paper, but what jumped out at me was their result, which is that the right security tradeoff is dependent on how you believe attackers will behave. This is somewhat unusual in two ways: first, it implies the need for a dynamic analysis, and second, that analysis will only function if we have data.

We often apply a very static analysis to attackers: they have these capabilities and motivations, and they will stick with their actions. This paper shows a real world example of a place where as attackers get more resources, they will behave differently, rather than doing more of what they did before. So actually operating a secure Tor system requires an understanding of how certain attackers are behaving, and how they choose to attack the system at any given time.

There’s a sense in which this is not surprising, but these dynamic models rarely show up in analysis.

Bonus snark to the Colorado team: why don’t you buy a botnet and see what you can break? (The Colorado team is the people Chris blogged about in “Ethics, Information Security Research, and Institutional Review Boards.”)

Solove’s Understanding Privacy

Dan Solove sent me a review copy of his new book, “Understanding Privacy.” If you work in privacy or data protection either from a technology or policy perspective, you need to read this book and understand Solove’s approach. That’s not to say it’s perfect or complete, but I think it’s an important intellectual step forward, and perhaps a practical one as well.

I’m going to walk through the chapters, and then bring up some of my responses and the reasons I’m being guarded.

Chapter 1 is “Privacy: A Concept in Disarray.” It lays out how broad and complex a topic privacy is, and some of the struggles that people have in defining and approaching it as a legal or social science concept. Chapter 2, “Theories of Privacy and Their Shortcomings” lays out, as the title implies, prior theories of privacy. Having thus set the stage, chapter 3 “Reconstructing Privacy“is where the book transitions from a review of what’s come before to new analysis. Solove uses Wittgenstein’s concept of ‘family resemblances’ as a way of approaching the ways people use the word. Privacy (as I’ve commented) has many meanings. You can’t simplify it into, say, identity theft. Solove uses family resemblances to say that they’re all related, even if they have very different personalities. Chapter 4, “The Value of Privacy” points out that one of the reasons we’re losing privacy is that it’s often portrayed as an individual right, based on hiding something. In policy fights, society tends to trump individualism. (Which is one reason the Bill of Rights in the US protects the individual.) Rather than calling for better protection of the individual, this chapter explores the many social values which privacy supports, bringing it closer to equal footing, and providing a policy basis for the defense and enhancement of privacy because it makes us all better off.

Chapter 5, “A Taxonomy of Privacy” is the core of the book. The taxonomy is rich. Solove devotes seventy pages to expounding on the harms done in not respecting privacy, and discussing a balance between societal interests of privacy and the reason for the invasion. In brief, the taxonomy is currently:

  1. Information collection: Surveillance, Interrogation
  2. Information Processing: Aggregation, Identification, Insecurity, Secondary Use, Exclusion
  3. Information Dissemination: Breach of confidentiality, Disclosure, Exposure, Increased Accessibility, Blackmail, Appropriation, Distortion
  4. Invasion: Intrusion, Decisional Interference.

I’ve tried to apply this taxonomy to issues. For example, when I wrote “Call Centers Will Get More Annoying,” I used the taxonomy, although not the words. There’s surveillance, secondary use, increased accessibility and (what feels like a form of) intrusion. What the taxonomy doesn’t do is capture or predict my outrage. I think that that’s an important weakness, but it may well be asking too much. Solove’s goals of a societal balance don’t admit my outrage as a key factor. They can’t. Outrage is too individual.

I’m also concerned that perhaps this isn’t a taxonomy. If you read the old posts in my taxonomies category, you’ll see that I spent a bunch of time digging fairly deeply into what taxonomies are, how they come about, how they’re used and abused. I don’t think that Solove’s taxonomy really fits into the core of a taxonomy: a deterministic way to classify things which we find, which various practitioners can reliably use. As in my example of the call centers, the flaws are legion, and some of my classification may be wrong.

At Microsoft, we use STRIDE as a “taxonomy” of security issues (STRIDE is Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) I think, as a taxonomy, STRIDE is lousy. If you know about an issue, it’s hard to classify using STRIDE. The categories overlap. On the other hand, it’s very useful as an evocation of issues that you might worry about, and the same may be said of Solove’s taxonomy. I also don’t have a superior replacement on hand, and so I use it and teach it. Taxonomy-ness is not next to godliness.

My other issue with Solove’s taxonomy is that it doesn’t recognize the issuance of identifiers, in and of itself, as a privacy issue. I believe that, even before the abuses start, there are forseeable issues that arise from issuing identification numbers to people, like the Social Security Number. The act of enumeration was clearly seen by as an invasion by Englishmen who named the Doomsday book. The ability of the US government to even take a census is tied directly to the specified purpose of allocating legislative seats. I see it as self-evident, and haven’t been able to find the arguments to convince Solove. (Solove and I have discussed this in email now and then; I haven’t convinced him [that identifiers are, per se, a privacy harm])

Chapter 6 Privacy: A New Understanding closes the book with a summation and a brief discussion of the future.

The book has a strong policy focus. I am very interested in understanding how this new understanding intersects both broad laws and legal principles (such as the Fair Information Practices) and specific law (for example, HIPAA). The FIP, the OECD privacy statements, and Canada’s PIPED act all show up in the discussion of secondary use. I’m also interested in knowing if an organization could practically adopt it as a basis for building products and services with good privacy. I think there’s very interesting follow-on work in both of these areas for someone to pick up.

I also worry that privacy as individual right is important. Even though Solove makes a convincing case that that’s a weaker policy basis than the one he lays out, that doesn’t mean it’s not to be cherished as a social value, and I feel that the view of privacy which Solove presents is weaker to the extent that it fails to embrace this.

In closing, there are three major elements to the book: the first is to take us past the definitional games of “what is privacy.” The second is a serious attempt to address the “what do you have to hide” approach to privacy. The third is the taxonomy. Two of these would have been a pretty good book. Three are impressive, even as I disagree with parts of it. Again, this is an important book and worth reading if you work in or around privacy.

[Edited to own up to having written “divisional interference”, rather than “decisional interference.”]

SOUPS 2008, summarized

I really appreciate the way that Richard Conlan has in-depth blogged all of the sessions from the 2008 Symposium on Usable Privacy and Security. The descriptions of the talks are really helpful in deciding which papers I want to dig into. More conferences should do this.

There’s only one request I’d make: There’s no single “pointer post” which lists all the blog posts in a way I can easily link to. It would be great to have such a post on the Usable Security blog.