netsekure rng

A friend of mine passed along a very interesting link to Programmer Competency Matrix which I found very interesting. It is a very useful evaluation tool to figure out where one sits in the overall skillset a programmer/developer can have.

It is interesting to see how the attack methodologies change with time. As security protocols become more mature and secure, people have moved up the stack. Case in point is the Defating SSL presentation which outlines how an attacker can take advantage of MiTM techniques to bypass SSL. The attack is against the end-to-end scenario, not the protocol itself, even though the protocols themselves sometimes have (implementation) issues too. As time has proven already, the weakest link in most software systems is the user when it comes to security and we all know that the system is as secure as its weakest link. It is/will be interesting to watch the evolution of the Internet and tools in the future to account for the weakest link. Relying on just presentation is not enough as proved by the above presentation. We need to solve the problem in an end-to-end manner while minimizing the interaction with the user. By reducing user input, we reduce the attack surface against the weakest link and achieving a more robust system.

Putting up my screenrc file that some people have expressed interest in. It is nice and convenient as it sets up a few windows to start with and a “taskbar” on the bottom of the screen, so you can switch easily with Ctrl+Arrow and visually see which window you are at.

If you have any suggestions for improvement, let me know.

Well, after being few years late to the blogging world, I finally gave in and stopped caring about having ultimate control over the site I have. That is how RNG @ netsekure is starting now, as an attempt to be a collection of my random thinking put into writing.