TradeOffs in Cyber Security

Dan Geer, 9th October 2013, UNCC

Thank you for the invitation to speak with you today, which, let me be clear, is me speaking as myself and not for anybody or anything else. As you know, I work the cybersecurity trade, and I am gratified that ten days ago the U.S. National Academy of Sciences, on behalf of the Department of Homeland Security, concluded that cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization.[1] That rate of change is why cybersecurity is perhaps the most intellectually demanding occupation on the planet. In writing this essay, the breadth of tradeoffs in cyber security and that fundamental intellectual challenge in those tradeoffs caused me to choose to narrow my focus to one class of tradeoffs in cyber security rather than them all; looking at the state of the current world, I decided to focus on personal data and the government.


"In God we trust. Everybody else we verify using PGP!"
-- Tim Newsome

"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin

"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."
-- Benjamin Franklin

"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
-- William Pitt, British Prime Minister, November 18, 1783

SSL certificates in a jiffy

Quick guide to generating self-signed certificates for use with Apache et al.
Replace <servername> with the fully qualified name of the server you're generating the key for.

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout <servername>-key.pem -out <servername>-cert.pem

This outputs the certificate and the key into individual files. These can be concatenated if necessary.
The -sha256 option signs the certificate with SHA-256 (part of the SHA-2 family), rather than the older SHA-1, which is deprecated at the time of writing.
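
The same command run without prompts and followed by the checks worth doing before installing the pair, as an added example that is not part of the original post. The server name www.example.test is a constructed placeholder, and the -subj and -addext options are additions that assume OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: generate a self-signed pair non-interactively, then verify it.

# make_selfsigned <servername> <outdir>
# Same options as the command above, plus -subj (skips the prompts) and a
# subjectAltName, which current browsers and TLS clients match names against.
make_selfsigned() {
  local name="$1" dir="$2"
  (
    umask 077   # -nodes writes the private key unencrypted: keep it owner-only
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
      -subj "/CN=${name}" -addext "subjectAltName=DNS:${name}" \
      -keyout "${dir}/${name}-key.pem" -out "${dir}/${name}-cert.pem"
  )
}

# cert_sigalg <cert>: print the signature algorithm recorded in the certificate.
cert_sigalg() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_has_san <cert> <servername>: succeed if the name appears as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# key_matches_cert <key> <cert>: succeed if both files carry the same public key.
key_matches_cert() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
  from_cert=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Demo run in a throwaway directory (constructed server name).
demo_dir=$(mktemp -d)
demo_name="www.example.test"
make_selfsigned "$demo_name" "$demo_dir"
echo "signature algorithm: $(cert_sigalg "$demo_dir/$demo_name-cert.pem")"
cert_has_san "$demo_dir/$demo_name-cert.pem" "$demo_name" && echo "SAN present"
key_matches_cert "$demo_dir/$demo_name-key.pem" "$demo_dir/$demo_name-cert.pem" \
  && echo "key matches certificate"
rm -rf "$demo_dir"
```

If the key and certificate are concatenated into one file, that file contains the unencrypted private key and needs the same owner-only permissions.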

My Websites

I've developed and maintained a few websites for friends over the past few years; just for completeness I decided I ought to document the fact (displaying another string to my bow, so to speak).

  • Rainydayz (this site) - my personal website.
    • Miniz - a sub-domain of this, which I use for testing and development.
  • - my wife's website, currently underutilised, but we have plans to take advantage of her cross-stitching skills.
  • Renegade Minis - the club site for the Mini club of which I'm a member.
  • Anime Girls - for my daughter, a hobby site.
  • Driving Laine S.O.M. - a site for a lifelong friend of my wife who runs a driving school.
  • FixIt Bodyworks - a site for the bodyshop responsible for the bodywork and respray of my car.

Prince Philip: Ninety Gaffes In Ninety Years

As originally published in "The Independent"

  1. "Ghastly."
    Prince Philip's opinion of Beijing, during a 1986 tour of China.
  2. "Ghastly."
    Prince Philip's opinion of Stoke-on-Trent, as offered to the city's Labour MP Joan Walley at Buckingham Palace in 1997.
  3. "Deaf? If you're near there, no wonder you are deaf."
    Said to a group of deaf children standing near a Caribbean steel drum band in 2000.
  4. "If you stay here much longer, you will go home with slitty eyes."
    To 21-year-old British student Simon Kerby during a visit to China in 1986.
  5. "You managed not to get eaten then?"
    To a British student who had trekked in Papua New Guinea, during an official visit in 1998.

The Green Thing

In the queue at Tesco, the cashier told an older woman that she should bring her own grocery bags because plastic bags weren't good for the environment.

The woman apologized to her and explained, "We didn't have the "green thing" back in my day."

The cashier responded, "That's our problem today. Your generation never cared enough to save our environment."

She was right -- our generation didn't have the "green thing" in its day......or....?

Prime Minister Jens Stoltenberg's speech at Rådhusplassen, 25 July

Dear all,

What a sight!

I am now standing face to face with the will of the people.

You are the will of the people.

Thousands upon thousands of Norwegians, in Oslo and across the whole country, are doing the same this evening.

Taking over the streets, the squares – the public space – with the same defiant message:

We are heartbroken, but we will not give up.

With torches and roses we send a message to the world.

We will not let fear break us.

And we will not let the fear of fear silence us.

A Miracle In Scotland

Sandy Smith - Reproduced from The Transverse Myelitis Association Journal

Having had TM for almost 22 years, I still find it very difficult to accept what happened to me 6 months ago. I feel as though I experienced a miracle. I hope that my story will give hope to other TM sufferers.

How To Stop Worrying And Learn To Love The Internet

Courtesy of Douglas Adams

A couple of years or so ago I was a guest on Start The Week, and I was authoritatively informed by a very distinguished journalist that the whole Internet thing was just a silly fad like ham radio in the fifties, and that if I thought any different I was really a bit naïve. It is a very British trait – natural, perhaps, for a country which has lost an empire and found Mr Blobby – to be so suspicious of change.

