Today, there is information overload. Everything is fighting for your attention, and the web does not make this easier. You start reading an article, which leads to three other pieces, and down you go the rabbit hole. Have you ever been there?
Listening to some feedback, I realized I am creating such mini rabbit holes for you. You came here for easily digestible, useful security knowledge, what I call security drops. Sometimes, this is what you find. Other times, these tiny drops are only meaningful if you already have a barrel full of prerequisite knowledge.
This phenomenon is called “barrier to entry.” You have to do your homework before you can acquire the drop you came here for. Have you ever felt like that?
I did lots of times. Does the following sound familiar?
You start reading with enthusiasm only to find that there is a gap between you and the author. For a while you follow along, but then you let go. At this point the author has caused you to set up a mental barrier, which will weaken or even nullify the message. This is ultimately a failure, not on your part, but on the author's. This is less than ideal.
Security is a complicated topic. It has its own jargon, particular phrases, abbreviations and complex concepts. You shouldn't have to know all of it to understand a security drop. That is, the barrier to entry should be minimized.
This is precisely what I set out to do. While you could quickly look up everything you do not immediately understand, you would likely end up in the rabbit hole. How about having all this information in one place, succinct and expressed in a way that makes sense for you?
Well then, meet The Glossary.
Here is a sample entry.
DES - Data Encryption Standard. DES is a symmetric block cipher with a 64-bit block size and a 56-bit key size. It takes a 64-bit key, but only 56 bits are used during encryption/decryption. DES is insecure today. Use AES (or 3DES for legacy systems).
It is very brief and has references to further glossary items. In about a minute or so you can get completely up to speed.
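To show what "64-bit key, but only 56 bits are used" means in practice, here is an added example (my own illustration, not code from the original post or its glossary). DES treats the least significant bit of each of the 8 key bytes as a parity bit and ignores it in the key schedule, so two keys that differ only in those bits are the same key to DES. The key values below are constructed for the demonstration.

```python
def des_effective_key(key: bytes) -> int:
    """Return the 56 bits DES actually uses from a 64-bit key, as an int.

    The low bit of every key byte is a parity bit that the DES key schedule
    drops, so only the top 7 bits of each byte (8 * 7 = 56) matter.
    """
    if len(key) != 8:
        raise ValueError("DES keys are exactly 8 bytes (64 bits)")
    effective = 0
    for b in key:
        effective = (effective << 7) | (b >> 1)  # keep the top 7 bits
    return effective


def has_odd_parity(key: bytes) -> bool:
    """True if every byte has an odd number of 1 bits (the DES key convention)."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def fix_parity(key: bytes) -> bytes:
    """Rewrite the parity bit of each byte so the whole key has odd parity.

    This never changes the effective 56-bit key, only the ignored bits.
    """
    out = bytearray()
    for b in key:
        top7 = b & 0xFE
        parity_bit = 0 if bin(top7).count("1") % 2 == 1 else 1
        out.append(top7 | parity_bit)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: a key with correct odd parity ...
    key_a = bytes.fromhex("0123456789ABCDEF")
    # ... and the same key with every parity bit flipped.
    key_b = bytes(b ^ 1 for b in key_a)
    print("odd parity:", has_odd_parity(key_a), has_odd_parity(key_b))
    print("same effective key:",
          des_effective_key(key_a) == des_effective_key(key_b))
    print("effective key space: 2**56 =", 2 ** 56)
```

This is also why the DES key space is 2^56 rather than 2^64: the 8 parity bits add nothing an attacker has to guess.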
Currently, the glossary holds 130+ items, and it will surely grow. I encourage you to browse through it. Chances are, it will clarify a few things and who knows, you may even learn something completely new!
By the way, if you think anything is missing or something needs correction, give me a shout in the comments or on Twitter (@archfelin).
So that's that. However, I do have one more thing for you. Wouldn't it be great if you could access this information, while reading a security drop, without needing to navigate away?
This is where in-article tooltips come in. Take a look at the following paragraph using this feature. Be sure to hover over the security terms!
[SNIP]…the TLS protocol relies on PKI. The idea is rather simple. CAs issue digital certificates, and end-users simply trust the root certificates of the CAs. While connecting, clients build a trust chain between the domain's certificate and the root…[SNIP]
Hopefully, this will make every security drop more enjoyable. I plan on going back and annotating the previous articles, but that might take a while.
Thanks for tuning in!
P.S. If you have not already, take a look at The Glossary ;)