Wednesday, October 21, 2015

Yeair, Quadcopter




The Yeair quadcopter combines the power of a combustion engine with the reliability of electric motors in one platform.  According to Yeair, 60-minute flight times are possible.  This is pretty incredible if true.  Following is a link to the Yeair Kickstarter project.

Friday, October 16, 2015

Movie: Rotor DR1





High rev'ing race drones in a dystopian world.  Geek out, drink beer, and get your drone fix; at $2.99 USD it's a bargain.  I'm looking forward to watching this movie.  Enjoy!

Wednesday, October 7, 2015

My OWASP Board of Directors Candidacy, Time to Vote!

I received my OWASP ballot this morning.  If your membership is up to date you will receive yours soon.  It's time to vote for your favorite OWASP board members.

I am running for the OWASP 2015 Global Board of Directors.  I have been laying low for most of the election process.  Mostly because fishing for ballots is a form of self-promotion that I find distasteful and I think others do as well.  However, I was speaking to a friend, current OWASP board member and project lead, Matt Konda, recently at AppSecUSA 2015.  Matt mentioned something about the election process I took to heart.  In a nutshell, he said I'm thinking about the election process all wrong.  Don't think of the election process as a self-promotion effort; instead, give your friends an opportunity to help.  Your friends would like to see you succeed and they are in a position to help spread the message.  You should provide them an 'opportunity' to assist if they wish.  By remaining silent you don't provide them any opportunity to help you.  Matt could make a really great lawyer if he ever wants to move out of security.  But seriously, he makes a good point.  I help my friends so I should at least provide an option for friends that want to help me.  And if you're not interested in assisting at all, no worries.  If you want to learn about my views for OWASP, check out my interview with Mark Miller on SoundCloud.

If there is anything you would like to do to help me succeed I can use the assistance.  For those interested, there are a few ways you can help.  Send a message to fellow OWASP members and encourage them to vote for me if they don't have a candidate in mind.
- Twitter, LinkedIn, Facebook, etc.
- Small blog post
- Emails to your friends (perhaps a little over the top but up to you)

I can't think of other ideas offhand.  A closing thought on other board candidates.  We are all competing for 4 open board seats.  Most of us know each other.  You have a great bunch of OWASP candidates to choose from regardless of how you vote.  It's a privilege to help whether I serve on the board or not.

Tuesday, October 6, 2015

EU-US Safe Harbor Ruled Invalid

You may be hearing about the EU-US Safe Harbor discussion in the news.  At risk is multinational companies' ability to store and process EU data in the US.  Companies like Apple, Facebook, and Google provide EU services through computers located in the US.  Data is sent from the EU to the US under the auspices of the EU-US Safe Harbor agreement.

On October 6, 2015, the Court of Justice for the European Union (ECJ) ruled the Safe Harbor agreement invalid, which places all EU data sent to the US in jeopardy.
"...the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities of the data transferred to that country" [4] Court of Justice of the European Union
The ECJ recommended, where protections cannot be guaranteed, "suspending the contested transfer of data" [4].  The only way US businesses can guarantee adequate protections for EU data is for the US government to develop laws protecting EU data from US government warrantless surveillance programs.  Without such transparency measures the only choices for Internet bellwethers are to develop new data centers within the EU for EU data, or to pull the plug on the EU.  Either option is not very tenable for US multinationals or citizens of the EU.

Even if Internet bellwethers underwrote efforts to build EU data centers, it's not clear EU data will be safe from US government overreach.  In a developing case between Microsoft and the US government, the government contends it has the right to demand the email of anyone in the world so long as the provider is headquartered within the US [6].  Presumably, the legal precedent established for email would apply more broadly to all data.  I have been covering developments in this area over the last couple of years [1][2] for interested readers.

[1] Securitycurmudgeon.com, Balkanization of US Products and Service Technology Accellerates
[2] Securitycurmudgeon.com, A Crisis of Confidence Costs Real Money
[3] The Register, US tries one last time to sway EU court on data-slurping deal
[4] Politico.eu, Court of Justice of the European Union, PRESS RELEASE No 117/15, Luxembourg, 6 October 2015 [pdf]
[5] Reuters, Europe-U.S. data transfer deal used by thousands of firms is ruled invalid
[6] Guardian, Microsoft case: DoJ says it can demand every email from any US-based provider

Image: Wikipedia, EU Flag

Friday, October 2, 2015

JavaOne Track Highlights: Java and Security

Did you know Oracle's JavaOne Java developers conference has a full security track?  In "JavaOne Track Highlights: Java and Security" Yolande Poirier and David Lopez describe some of the track sessions and various links.  Disclosure: I lead the security track.  If you see any links on the track, feel free to share and I will post.  See you at JavaOne.
