- My name is Ben Adida. I'm a control freak: I care about people controlling their online lives and the role the Web, Crypto, and Policy play. More About Me.
-
Recent Posts
May 2013 M T W T F S S « Apr 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Category Archives: security
Identity Systems: white labeling is a no-go
There’s a new blog post with some criticism of Mozilla Persona, the easy and secure web login solution that my team works on. The great thing about working in the open at Mozilla is that we get this kind of … Continue reading
Posted in identity, mozilla, security
3 Comments
connect on your terms
I want to talk about what we, the Identity Team at Mozilla, are working on. Mozilla makes Firefox, the 2nd most popular browser in the world, and the only major browser built by a non-profit. Mozilla’s mission is to build … Continue reading
encryption is (mostly) not magic
A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens … Continue reading
Online Voting is Terrifying and Inevitable
Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether the server could get hacked and the votes changed … Continue reading
Posted in security, voting, web
4 Comments
(your) information wants to be free
A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You … Continue reading
Posted in data, privacy, security
9 Comments
intelligently designing trust
For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. … Continue reading
Posted in crypto, policy, security, web
3 Comments
the difference between privacy and security
Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy … Continue reading
Posted in privacy, security, web
5 Comments
Crisis in the Java Community… could they have used a secret-ballot election?
There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue … Continue reading
Posted in crypto, privacy, security, voting
Leave a comment
OK, let’s work to make SSL easier for everyone
So in the wake of the FireSheep situation, which I described yesterday, the tech world is filled with people talking past each other on one important topic: should we just switch everything over to SSL? As I stated yesterday, I … Continue reading
Posted in security, web
5 Comments
keep your hands off my session cookies
For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of … Continue reading
Posted in crypto, security, web
18 Comments