Benlog

security, privacy, transparency.

Archive for December, 2009

Sometimes it’s not counter-intuitive

Posted: Sunday, December 27th, 2009 @ 5:36 pm in crypto, security

Bruce Schneier writes that it’s reasonable for unmanned drones to broadcast unencrypted video streams, because

the video stream is not that useful to enemies, and
given that many people need access to the video feed, the key distribution problem would be very difficult to manage, and some allies could be severely handicapped if they happened [...]

a prediction regarding the Apple “Tablet”

Posted: Saturday, December 26th, 2009 @ 8:31 pm in autonomy, policy

Why a prediction? Eh, cause it’s fun and cause I think the Apple Tablet will have a large impact on consumer computing.
I think Apple will launch a tablet computer in January that will be aimed at saving TV and print journalism. On-demand video and on-demand print magazines and newspapers will be at the forefront. And [...]

Takoma Park 2009: the conclusion

Posted: Wednesday, December 23rd, 2009 @ 9:20 pm in Takoma Park 2009, crypto, voting

Well, it’s been a few weeks of craziness at home and catching up on other work, but I’ve finally wrapped up the Takoma Park 2009 audit. The final step: letting you, dear reader, run the audit all on your own.
You’ll find the complete instructions here on the auditing site.
I haven’t tested this on Windows, just [...]

It’s a WRAP followup: maybe the goal was client-side certs?

Posted: Wednesday, December 23rd, 2009 @ 2:48 pm in security, web

I’m having some interesting offline followup discussions with folks about oAuth WRAP and my relatively negative reaction to it. One of the comments seems to be that SSL will recreate exactly the security that HMAC signatures were trying to achieve, and it was really hard for developers to do oAuth right in the first place.
I [...]

It’s a WRAP

Posted: Tuesday, December 22nd, 2009 @ 1:58 pm in security, web

I’m just finding out about oAuth WRAP, a new, simplified version of oAuth which some are calling the “valet key” approach to web data sharing: don’t give your Facebook password to a random web app, instead use oAuth to mint them a valet key that lets the app access only some specific portions of your [...]