Benlog

crypto applied to public policy

Archive for the 'security' Category

Don’t Hash Secrets

Posted: Thursday, June 19th, 2008 @ 8:34 pm in crypto, identity, personal, security, web | 6 Comments »

Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure system overall. There are, in fact, folks working on such things at a theoretical level [...]

WWW2008

Posted: Tuesday, April 29th, 2008 @ 3:13 pm in security, web | No Comments »

I was at WWW2008 last week in Beijing, where I presented a Tutorial on RDFa with Elias Torres and Ivan Herman, and SessionLock, a technique for securing web sessions used over unencrypted HTTP.
The conference was a lot of fun. Spent quite a bit of time discussing security with Collin Jackson and Tyler Close. The main [...]

You know it’s election season when…

Posted: Saturday, January 5th, 2008 @ 2:34 pm in security, voting | 1 Comment »

… the New York Times publishes a huge story on voting machines. To their credit, this is one of the best pieces I’ve seen to date, assuming you accept that these major publications simply refuse to talk about open-audit voting.
Some great lines that mirror what I’ve said in my own talks:

Part of the problem stems [...]

Web Cookies Explained

Posted: Tuesday, November 6th, 2007 @ 12:03 pm in privacy, security, web | No Comments »

The StopBadware Project and the Berkman Center (disclaimer: I’m affiliated with both) just announced the winner of the “Cookie Crumbles” video contest to help explain web cookies to the world: Clayton Miller. Here’s his video:

It is 99% correct, and for a 1.5 minute film, that’s quite impressive. Good video to share with friends and family [...]

Bullet-Proofing the Front Door and Leaving the Back Door Open

Posted: Friday, October 26th, 2007 @ 10:03 pm in policy, security, voting | No Comments »

Vote By Mail in California

While we’re struggling to secure voting machines, a number of States are deploying “Vote By Mail Permanently!” Here’s a picture on a bus in the San Francisco Bay Area. What a nightmare.
I suspect that, for some election officials, the appeal of vote-by-mail is a bit [...]

The State of Badware

Posted: Wednesday, October 17th, 2007 @ 3:36 pm in policy, security, web | No Comments »

I’m an advisor to Harvard Law’s Berkman Center, where I work specifically with StopBadware, a group of talented folks who are helping to identify and report on software that does bad stuff to your computer. Malware, spyware, adware, badware, whatever you want to call it, the issue is control and notice: do you control your [...]

Of Park Benches, Cardboard Boxes, Armored Cars and Voting

Posted: Tuesday, October 16th, 2007 @ 6:12 pm in crypto, security, voting | 4 Comments »

The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security.
However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large:

SSL is like [...]

The Password Anti-Pattern and the Login Redirection Anti-Pattern

Posted: Friday, October 12th, 2007 @ 1:07 pm in identity, security, web | 2 Comments »

A few weeks ago, I wrote about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue.
Jeremy Keith has a fantastic detailed write-up regarding what he calls the “password anti-pattern.” It gets at the same [...]

Health Records and Me

Posted: Monday, September 17th, 2007 @ 10:03 am in medical, personal, security | No Comments »

This summer, I joined the faculty at Children’s Hospital Informatics Program. My work is focused on security and privacy of health data. One of the projects I’m contributing to was just announced in the press:

Dossia was established by major U.S. employers Applied Materials, BP America Inc., Cardinal Health, Intel Corporation, Pitney Bowes Inc. and Wal-Mart [...]

Protecting Data by Being More Open

Posted: Thursday, September 13th, 2007 @ 6:20 pm in policy, security | 7 Comments »

In the last few weeks, friends of mine — savvy friends of mine — have been hit by sites that ask for your gmail, yahoo, or hotmail password just so they can “check to see if your friends are using the site!” Quechup, the so-called “social network that’s sweeping the globe” is accomplishing that grand [...]

 