My invitated – a classic phishing attack

Phishing emails can be tiresome. Sometimes, though, they are classically bad. Even better, this one uses an old-school strategy to get you to click on a suspicious link. The domain name is "" which at first glance appears to go to a more-or-less legitimate news site. The extra "j" in "nytimes" is easy to overlook.... Continue Reading →

Migration Round Trip

A few weeks from now I'll throw the switch and redirect Cryptosmith web traffic to its new home. For now, still goes to the old site, though popular content and the RSS feed go to the new site at It's ironic that I'm moving to WordPress. My first site with a modern content... Continue Reading →

The Migrating Web Site

I am moving my Cryptosmith web site to This will give me a lot more time to work on content while wasting a lot less time on mucking with the site. There are things I love about Drupal, but I hate having to manually replace a bunch of files each time they revise the core... Continue Reading →

John Oliver on Net Neutrality

Comedian John Oliver has recorded a classic rant about net neutrality. Here's my favorite quote: The cable companies have figured out the great truth of America: If you want to do something evil, put it inside something boring. Apple could put the entire text of Mein Kampf inside the iTunes User Agreement and you'd just... Continue Reading →

The “Bug-Free Software” fallacy

About 20 years ago, I worked with a fellow who proudly told me that he had once written a flawless piece of software. He kept its inch-thick line printer listing as a shrine in his cubicle. I never asked him for details, because he got angry when people questioned his judgement on computing. After all,... Continue Reading →

Multics was flawless?

Last week I participated in a very geeky panel discussion about a now-defunct standard for computer system security: the TCSEC. I showed some charts and diagrams about costs, error rates, and adoption of government-sponsored programs for evaluating computer security. During the panel, some audience members made the following claim: "After its evaluation, Multics never needed a... Continue Reading →

Example of KISS

Ok, this is a backwards observation. One of my hot buttons is to spot "cyber security principles," that is, general but pointed observations on how to improve cyber security. A long-held principle is "Keep it Simple, Stupid." Thanks to Moore's Law and the constantly falling price of ever bigger, faster, and more complex tech, no... Continue Reading →

Digital’s RT-11 File System

(Circa 1975-199?) The PDP-11 computer, built by Digital Equipment Corporation (DEC) in the late 20th century, was a classic machine of the minicomputer era. At the time of the -11's introduction, DEC really had no idea what to do about software for its machines, and wasn't even sure what was appropriate in the way of... Continue Reading →

Security Design Principles

This is an extended, less-edited version of an article appearing in IEEE Security and Privacy in December 2012. This version specifically identifies all of the textbooks I reviewed while looking at information security design principles. Here is the citation for the published article: Smith, R.E., "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," Security &... Continue Reading →
