Jeff Hodges (JeffH)

<rant>
Apparently, G+ "nicknames" aren't the same as one's "google account nickname".  My goog acnt nickname has been "=JeffH" for years, but noooo, I'm not allowed to set my G+ nickname to that because of the special char "=" in it. sigh

I wouldn't care that much about it if it wasn't that recently another "Jeff Hodges" has shown up working publicly in similar areas as I do, and thus it is now more important to me, and I'd trust our various correspondents too, to be able to easily disambiguate us.  

I've been keeping the "=JeffH" i-name conceit, even though i-names never caught on (which is what I'd expected but that's another story) because I figured if any other "jeff hodges" showed up (and gee, it did happen), then the "JeffH" moniker would still be disambiguated by the nerdy that-didn't-quite-work-out "=" sign.

So I'm disappointed that I can't wield it here, and I'm hoping that Jeff (M) Hodges doesn't choose to also go by "JeffH" hereabouts....
</rant>

Brad Hill on whether TLS/SSL is broken and how to fix it: <https://plus.google.com/111651590529917511252/posts/Qn9WP3PcRRt> From #RSAC panel discussion last week

Real World Crypto Workshop has been interesting, and a great way to catch up with various colleagues f2f :)
https://crypto.stanford.edu/RealWorldCrypto/

Innaresting to note:  G+ allows editing of posts (my fat fingers thank them), but it seems that shared posts aren't subsequently updated?  Not within a few minutes anyway (will check again later)

Post has shared content
This is Good Stuff:
Five years on since 'clickjacking' became a big deal, it remains one of the big unsolved security problems for mashup-type applications that use cross-origin framing and embedding.  While it's far from a perfect solution, the W3C WebAppSec WG has taken a step towards providing developers standardized tools for protecting their users from click fraud with its release of a First Public Working Draft of the User Interface Safety Directives for Content Security Policy.  If you're interested in this area of web security, we would appreciate your comments.

As others have noted, HTTP Strict Transport Security (HSTS) is now finalized/published as RFC6797:

RFC 6797 - HTTP Strict Transport Security (HSTS) 
http://tools.ietf.org/html/rfc6797

Although I'm honored by the various folks who've added me (i.e. my online G+ -specific persona) to their various circles, I remain underwhelmed and frustrated by today's webapp-based social network services, for various reasons. To clarify: even though I have my account here, I'll only occasionally use it - largely for familiarity/testing reasons. So don't be expecting me to have this webapp constantly open in a browser window, waiting to pounce on any or all of those pithy posts and notifications trickling through, or for myself to emit a constant stream of such. If you really want/need to contact me, email, instant messaging, or PSTN (sms/voice) remain your best choices, and I can be "followed" on the various public and private email distribution lists I participate on, or on my blogs, or on (ugh) twitter. Just sayin' (so y'all r aware). :-D

this is a test.