With my experience in IT, it’s more surprising that such a massive attack took so long to happen.
For the project I’m working on, I have to grant users access to pages. Pretty standard, ThinkTecture solved this problem long ago. Since this is a government project, they don’t understand the benefit of using a lot of outside packages. So, based off of a blog post from Dominick Baier on using claims based authorization in MVC, I build the following method:
Recently I was at a party and the topic turned to “the terrorists use encryption to hide their communications, we should get rid of all encryption so the police can monitor everything.”
And to my shame, I had only technical answers such as “but you need encryption because of security, otherwise everybody can see what you’re doing.”