Isolated corporate security is inappropriate

In my previous post I mentioned Mat Honan, the Wired author whose digital life was destroyed by hackers within an hour.  How they did it has big implications for how companies and corporate security think about and implement security and their security policies.

Using Amazon to hack Apple to hack Google to hack Twitter

The entire article about Mat’s experience is very interesting, and details exactly how quickly and easily the hackers were able to take over his account.  Mat actually talked with the hackers and they explained how they did it: Continue reading Isolated corporate security is inappropriate

Secure your e-mail with two-factor authentication

Particularly relevant after my discussion of Canadian banking password policies, Microsoft is adding two-factor authentication to Hotmail,, the Windows Store, and other Microsoft services.  Articles such as “Two-factor authentication finally heading to Microsoft Accounts” make it obvious that this is overdue (my emphasis).  Unfortunately it’s not released to the public yet, but if you use any of these Microsoft services then I recommend you use it when it becomes available.

Use two-factor authentication for your e-mail!

In fact, I STRONGLY recommend you use two-factor authentication for your e-mail account wherever you have e-mail.

The reason is simple:  Continue reading Secure your e-mail with two-factor authentication

Target-state banking password policies

Somebody commented to me the other day that a bank’s website wasn’t secure because of their poor password policies, and I’m sorry I gave that impression.  I can’t speak to their security overall, because I don’t know their network topology and a hundred other things about how they’ve implemented their systems and how they’ve trained their personal. Continue reading Target-state banking password policies

Tiny Tiny RSS solves Google Reader problem

As everybody knows by now, Google Reader is closing July 1st, 2013.  I’ve been using FeedDemon for my RSS news reading, and unfortunately it relies on Google Reader.  With Google Reader shutting down, the creator of FeedDemon, Nick Bradbury has indicated that FeedDemon will also be retired. Continue reading Tiny Tiny RSS solves Google Reader problem

Domain Driven Design over Test Driven Development

I believe that software development is design, either informed design or accidental design.

As a programmer is writing code, they are constantly and continuously making design decisions.  For example, consider the questions a developer asks herself when writing a simple method: Continue reading Domain Driven Design over Test Driven Development

Application design considerations

For some time now I’ve been meaning to write down rough list of things I consider in my role as enterprise architect for a project on either a new or existing system.  Often in the early stages of a project I will be the project architect, and then in the later stages of the project I will transition to become the lead developer. Thus, I have included a high-level application design consideration list and a more detailed lower level application design consideration list.  In my experience, being aware of the lower-level design considerations has always helped inform the high-level solution design considerations. Continue reading Application design considerations