My name is Ben Adida. I write about the intersection of the Web, Crypto, and Policy.
Category Archives: security
encryption is (mostly) not magic
A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens … Continue reading
Online Voting is Terrifying and Inevitable
Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether; the server could get hacked and the votes changed … Continue reading
Posted in security, voting, web
4 Comments
(your) information wants to be free
A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You … Continue reading
Posted in data, privacy, security
9 Comments
intelligently designing trust
For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. … Continue reading
Posted in crypto, policy, security, web
3 Comments
the difference between privacy and security
Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy … Continue reading
Posted in privacy, security, web
5 Comments
Crisis in the Java Community… could they have used a secret-ballot election?
There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue … Continue reading
Posted in crypto, privacy, security, voting
OK, let’s work to make SSL easier for everyone
So in the wake of the FireSheep situation, which I described yesterday, the tech world is filled with people talking past each other on one important topic: should we just switch everything over to SSL? As I stated yesterday, I … Continue reading
Posted in security, web
5 Comments
keep your hands off my session cookies
For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of … Continue reading
Posted in crypto, security, web
18 Comments
faulty logic, even for good, is still faulty
So Alex Halderman and team hacked the DC Internet Voting pilot. The voting system they attacked was not particularly well secured, and the type of attack used is a fairly simple web input corruption attack with little novelty. This hack, … Continue reading
Posted in security, voting
4 Comments
Fort Knox vs. the Barking Dog
Over the last few days, Alex Halderman and his team at the University of Michigan hacked an Internet Voting System being field-tested by the DC Board of Elections. First, we need to commend both Alex’s team for their dutiful analysis … Continue reading
Posted in security, voting
2 Comments