- Hacking Dave pwns HealthCare.gov in front of Congress. More on the topic from Reuters.
- Troy Hunt shows you how not to build a “remember me” feature for your web application, followed by the correct way.
- Troy also has a great article about why password hints can be dangerous, especially when you mash up different data breaches.
- Rick Dobson has an article in which he shows how to mask and unmask data in SQL Server. I don’t know that I like it very much: I’d rather that PII not be reversible, so to that extent, I’d rather have random data. The problem is ensuring that your random data follows the same distribution as your actual data set, as otherwise you may potentially see different execution plans and have more difficulty troubleshooting performance problems.
- The NSA has been eavesdropping on foreign countries like Google and Yahoo. Hang on, something doesn’t sound quite right here… Bruce Schneier also notes that the NSA tells us not to worry because they have internal “checks and balances.” I’d start to believe that if I saw the numbers of how often NSA requests get shut down. As it is, though, it sounds like one more drop-down list to me.
- Daniel Soar has an essay on the NSA.
- If you have a consumer-grade router, go to DD-WRT or OpenWrt (or another open alternative) as your router firmware of choice. Companies like Linksys, D-Link, and Netgear don’t care about security.