Archive for the 'web' Category
Posted: Thursday, September 2nd, 2010 @ 2:31 pm in security, web
Ryan Paul over at ArsTechnica claims a compromise of Twitter’s oAuth system, but fails to demonstrate such a compromise. It’s unfortunate, because some of his comments are indeed worthwhile, and there are a few interesting recommendations that Twitter should follow (hah, no pun intended). But what we have here is not a “compromise”, and the [...]
Posted: Saturday, June 5th, 2010 @ 8:29 pm in autonomy, privacy, web
The web browser has become the universal trusted client. That can be good: users can mostly rely on their browsers to isolate their banking site from the other web sites they visit. It can also be bad for users’ freedom: Facebook can encourage the world to add “Like” buttons everywhere, and suddenly users are being [...]
Posted: Wednesday, April 21st, 2010 @ 4:58 pm in data, web
A few years ago, a small group of folks (Mark Birbeck, Steven Pemberton, Ralph Swick, Shane McCarron, me, and more recently Ivan Herman, Manu Sporny, and a lot of great new folks) started with the simple idea that, if web pages contained a bit of structured data in addition to their haphazard content, we could [...]
Posted: Wednesday, March 31st, 2010 @ 6:43 pm in autonomy, policy, web
I had an invigorating and thought-provoking chat with my good friend Oliver Roup today. We agreed that the Apple iPad is going to be an unbelievable success. I’ve thought from day one that it would be huge, but I think it will be bigger than huge. Before the end of the summer, millions of people [...]
Posted: Wednesday, March 31st, 2010 @ 11:18 am in security, web
When a web page links to another site, the browser renders that link in a different color (purple rather than blue in most browsers’ default styles) if you have already visited the target. Unfortunately, this means that a malicious web site can learn what sites you visit by putting up a few links and checking to see how your browser [...]
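The check described above, as an added example that is not code from the original post. The attacker's logic is written so that the style probe is injected: in a page, `domProbe` would be passed in (it creates an anchor and reads `getComputedStyle(a).color`), while the two constructed probes model a pre-fix browser that honestly reports the `:visited` style and a browser with the later fix that always reports the unvisited style from `getComputedStyle`, which is what makes the file runnable under Node. The color values are the common browser defaults; the URL list, history set and function names are assumptions for illustration.

```javascript
// Added example: CSS :visited history sniffing, with the browser probe
// injected so the same attacker logic can be run against different
// browser models offline. Not code from the original post.

const UNVISITED = 'rgb(0, 0, 238)';  // default unvisited link blue (#0000EE)
const VISITED = 'rgb(85, 26, 139)';  // default :visited purple (#551A8B)

// Attacker side: for each candidate URL, ask the browser what colour a link
// to it would get and keep every URL whose colour is not the unvisited one.
function sniffHistory(candidates, probe) {
  return candidates.filter((url) => probe(url) !== UNVISITED);
}

// What the probe looks like inside a real page (assumes the page's own CSS
// does not restyle links). Only meaningful in a browser; never called here.
function domProbe(url) {
  const a = document.createElement('a');
  a.href = url;
  document.body.appendChild(a);
  const color = getComputedStyle(a).color;
  a.remove();
  return color;
}

// Constructed model of a browser without the fix: the computed style
// truthfully reflects whether the URL is in the user's history.
function leakyBrowserProbe(history) {
  return (url) => (history.has(url) ? VISITED : UNVISITED);
}

// Constructed model of a browser with the fix: getComputedStyle reports the
// unvisited value no matter what the history contains, so the probe sees
// the same colour for every URL and the sniffer learns nothing.
function hardenedBrowserProbe(history) {
  void history; // deliberately unused
  return () => UNVISITED;
}

function demo() {
  // Constructed history and candidate list for the demonstration.
  const history = new Set(['https://bank.example/', 'https://mail.example/']);
  const candidates = [
    'https://bank.example/',
    'https://mail.example/',
    'https://shop.example/',
  ];
  return {
    leaky: sniffHistory(candidates, leakyBrowserProbe(history)),
    hardened: sniffHistory(candidates, hardenedBrowserProbe(history)),
  };
}

console.log(demo());
```

Running `demo()` against the leaky model returns exactly the two visited URLs; against the hardened model it returns an empty list, which is the property the browser fix is meant to provide. Note that timing-based variants of this attack are not addressed by returning a fixed computed style; this example shows only the `getComputedStyle` channel.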
Posted: Wednesday, December 23rd, 2009 @ 2:48 pm in security, web
I’m having some interesting offline followup discussions with folks about oAuth WRAP and my relatively negative reaction to it. One of the comments seems to be that SSL will recreate exactly the security that HMAC signatures were trying to achieve, and it was really hard for developers to do oAuth right in the first place. [...]
Posted: Tuesday, December 22nd, 2009 @ 1:58 pm in security, web
I’m just finding out about oAuth WRAP, a new, simplified version of oAuth which some are calling the “valet key” approach to web data sharing: don’t give your Facebook password to a random web app, instead use oAuth to mint them a valet key that lets the app access only some specific portions of your [...]
Posted: Wednesday, November 11th, 2009 @ 1:17 am in security, web
So this evening my Facebook account was hacked and spam messages were posted to a few dozen friends on my behalf. Thankfully, since I’m friends with a number of security-savvy folks, I was notified almost instantly. Now I’ve never cared too much about my Facebook account, so I used one of my weak passwords. I’m [...]
Posted: Friday, September 25th, 2009 @ 1:16 pm in data, web
Stefano Mazzocchi is awesome and his thinking on Web-based data is incredibly nuanced and pragmatic, so it’s not often that I want to publicly disagree with him. But in his latest post, I think he’s off the mark. Stefano argues: The difference between RDFa and Microdata (syntactic differences aside) is basically the fact that the [...]
Posted: Sunday, September 13th, 2009 @ 6:30 pm in privacy, security, web
On Friday, I attended Social Network Security 2009 at Stanford. This was a fantastic get-together, with some very interesting info from Facebook, Google, Yahoo, Loopt, and the research front. I have some notes, mostly from the first half of the day, at which point my laptop battery ran out. Time to upgrade to the 7-hour [...]