Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure system overall. There are, in fact, folks working on such things at a theoretical level [...]
I was at WWW2008 last week in Beijing, where I presented a Tutorial on RDFa with Elias Torres and Ivan Herman, and SessionLock, a technique for securing web session used over unencrypted HTTP.
The conference was a lot of fun. Spent quite a bit of time discussing security with Collin Jackson and Tyler Close. The main [...]
… the New York Times publishes a huge story on voting machines. To their credit, this is one of the best pieces I’ve seen to date, assuming you accept that these major publications simply refuse to talk about open-audit voting.
Some great lines that mirror what I’ve said in my own talks:
Part of the problem stems [...]
The StopBadware Project and the Berkman Center (disclaimer: I’m affiliated with both) just announced the winner of the “Cookie Crumbles” video contest to help explain web cookies to the world: Clayton Miller. Here’s his video:
It is 99% correct, and for a 1.5 minute film, that’s quite impressive. Good video to share with friends and family [...]
Vote By Mail in California
While we’re struggling to secure voting machines, a number of States are deploying “Vote By Mail Permanently!” Here’s a picture on a bus in the San Francisco Bay Area. What a nightmare.
I suspect that, for some election officials, the appeal of vote-by-mail is a bit [...]
I’m an advisor to Harvard Law’s Berkman Center, where I work specifically with StopBadware, a group of talented folks who are helping to identify and report on software that does bad stuff to your computer. Malware, spyware, adware, badware, whatever you want to call it, the issue is control and notice: do you control your [...]
The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security.
However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large:
SSL is like [...]
A few weeks ago, I wrote about about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue.
Jeremy Keith has a fantastic detailed write-up regarding what he calls the “password anti-pattern.” It gets at the same [...]
This summer, I joined the faculty at Children’s Hospital Informatics Program. My work is focused on security and privacy of health data. One of the projects I’m contributing to was just announced in the press:
Dossia was established by major U.S. employers Applied Materials, BP America Inc., Cardinal Health, Intel Corporation, Pitney Bowes Inc. and Wal-Mart [...]
In the last few weeks, friends of mine — savvy friends of mine — have been hit by sites that ask for your gmail, yahoo, or hotmail password just so they can “check to see if your friends are using the site!” Quechup, the so-called “social network that’s sweeping the globe” is accomplishing that grand [...]
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jun | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
Benlog by
Ben Adida is licensed under a
Creative Commons Attribution-Share Alike 3.0 License.
RSS