A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens (hundreds?) closed their accounts in protest. They’re my confidential files, they cried, why couldn’t you [...]
Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether the server could get hacked and the votes changed surreptitiously the users’ machines could get compromised by a virus, which would then flip votes [...]
A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You probably received a warning to watch out for phishing attacks (assuming it wasn’t caught in [...]
For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. warning signs Last year, Chris Soghoian and Sid Stamm published a paper, Certified Lies [PDF], [...]
Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy advocates. Regardless, this announcement is great news. The only nitpick I have, and I point [...]
There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue appears to be that Oracle, the new Java “owner” since they acquired Sun Microsystems, is [...]
So in the wake of the FireSheep situation, which I described yesterday, the tech world is filled with people talking past each other on one important topic: should we just switch everything over to SSL? As I stated yesterday, I don’t think that’s going to happen anytime soon. I would love to be wrong, because [...]
For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of open wifi networks. But warnings from security freaks rarely get people’s attention. A demonstration is [...]
So Alex Halderman and team hacked the DC Internet Voting pilot. The voting system they attacked was not particularly well secured, and the type of attack used is a fairly simple web input corruption attack with little novelty. This hack, however, performs a very useful task: educating election officials and the public about what hacks [...]
Over the last few days, Alex Halderman and his team at the University of Michigan hacked an Internet Voting System being field-tested by the DC Board of Elections. First, we need to commend both Alex’s team for their dutiful analysis of this system, and, more importantly, the DC Board of Elections for running an open [...]
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
Benlog by
Ben Adida is licensed under a
Creative Commons Attribution-Share Alike 3.0 License.
RSS