I'm not in the UK, and not steeped in the details of this proposal, but this is a broadly terrible idea that will do serious harm to computer security.
"Non professional" researchers often find and report critical vulnerabilities. Excluding or discouraging them is insane.
Computer security has a long history of contributions from people without formal education, training, certification, or affiliation. The idea that such people should be regarded as inherently "suspect" is not just classist and offensive, but empirically false.
The only people who benefit from proposals like this are those fortunate enough to qualify to be in the official "legitimate" group. Everyone else, including the public, loses.
Disclaimer: I have no stake in this. I'm not in the UK, and I'd almost certainly qualify to be in the "in" group if I were.
This makes about as much sense as licensing stand-up comics.
One of the former "Voatz" people just crawled out from under their rock to cry about criticism of insecure voting systems (like Voatz). If you're not familiar with Voatz, here's an example of what the kinds of researchers he's complaining about have found: usenix.org/conference/use…
So, yeah, I can see how people associated with that company would really dislike the concept of independent security analysis of voting systems. It must really irk them.
To be fair, he says we should just give more credit for "trying".
I wonder what the people who think we shouldn't talk about vulnerabilities in election hardware and software think we should do. Do they think everyone should just shut up about it and hope for the best?
So much of the attitude still present in some circles about voting security reminds me of computer security in the mid 90's, when vendors routinely attacked and threatened people who found and reported security bugs. It didn't work then, and it doesn't work now.
Computer security has grown up since then. It now celebrates discovery and discussion of vulnerabilities (and ways to eliminate them) as essential parts of the software life cycle. Our infrastructure is far more robust because of this.
covidtests.gov seems to be semi-live (sometimes it says ordering starts tomorrow, other times it links to the order page).
It seems to be uneven about how it handles apartment buildings, with some people being rejected if someone else in the same building also ordered.
Apparently you’re supposed to be able to order 4 free rapid (antigen) tests per household. That’s definitely better than nothing, but also clearly insufficient without sustained additional test distribution.
The current 4-per-address scheme makes the most sense as a strategy for ensuring that households have tests on hand for people who develop symptoms, as opposed to as part of a routine testing regime.
TIL that (possibly) the first (civilian) college course in cryptography was taught in 1941 at my alma mater, @Hunter_College. Whether it was actually the first such course is a good question, but this is fascinating in any case. nytimes.com/1941/09/28/arc…
Hunter was, at the time, a women-only college focused on training teachers (though this course, in the evening session, may have also been open to men). The instructor was a locally famous architect, Rosario Candela, who had recently successfully broken a French military cipher.
The NYT archive is unfortunately paywalled, but everything in the article is amazing.
I understand the convenience of these key fobs, but the manufacturers really should equip them with a hard off switch (which would be cheaper and simpler than needing to store them in a shielded container).
And before you say "this only affects rich people with fancy cars", this kind of technology makes its way into cheap cars very quickly. It's like saying "look at the fancy car with AIR CONDITIONING".
The rich people with fancy cars are debugging this for the rest of us.