Wednesday, May 26, 2010

A look back at posts in May 2009

This time last year I made some of my favourite posts. First I celebrated that I had reached about 1,000 visits and 2,000 page views a month, and now I am about double that.

Rethinking Thresholds for Account Lockouts was a simple post asking if the 3-strikes-your-out password policy makes sense. I posted my second Password Roundup #2, and reviewed from Qualys their study on The Half-life of Vulnerabilities is still 30 Days.

I also developed some thoughts why web app bugs don’t get fixed in The $28,000 Question: Project vs. Production Risk, after Jeremiah Grossman estimated that 28,000 well-spent dollars could fix the bugs at many sites.

On the crypto side I broke some news about The cost of SHA-1 collisions reduced to 2^{52}, and took a look at AES-256 and Reputational Risk. The AES post is now on the first page of a Google search for “aes 256” and has brought a steady flow of visits since last May, 1346 in total. I also asked if anyone could verify that the Total Internet computational power = 2^{85} operations, a statement I read in an ECRYPT report. I ended up contacting the authors and nope, no one knows where is came from. Sounds possible though.

I also posted The Sub-Time Crisis in Web 2.0, my thoughts on information overload in Web 2.0. I only used half the text I typed in from my written notes.