Category Archives: web

Protecting against web history sniffing attacks: an alternative

When a web site links to another web site, the link appears in a different color, usually a lighter shade of blue, if you’ve already visited the site. Unfortunately, this means that a malicious web site can learn what sites …

Posted in security, web | 6 Comments

It’s a WRAP followup: maybe the goal was client-side certs?

I’m having some interesting offline followup discussions with folks about oAuth WRAP and my relatively negative reaction to it. One of the comments seems to be that SSL will recreate exactly the security that HMAC signatures were trying to achieve, …

Posted in security, web | Leave a comment

It’s a WRAP

I’m just finding out about oAuth WRAP, a new, simplified version of oAuth which some are calling the “valet key” approach to web data sharing: don’t give your Facebook password to a random web app, instead use oAuth to mint …

Posted in security, web | 6 Comments

Facebook account hacked

So this evening my Facebook account was hacked and spam messages were posted to a few dozen friends on my behalf. Thankfully, since I’m friends with a number of security-savvy folks, I was notified almost instantly. Now I’ve never cared …

Posted in security, web | Leave a comment

Stefano thinks I’m a purist…

Stefano Mazzocchi is awesome and his thinking on Web-based data is incredibly nuanced and pragmatic, so it’s not often that I want to publicly disagree with him. But in his latest post, I think he’s off the mark. Stefano argues: …

Posted in data, web | Leave a comment

A Partial Report from Social Network Security 2009 @ Stanford

On Friday, I attended Social Network Security 2009 at Stanford. This was a fantastic get-together, with some very interesting info from Facebook, Google, Yahoo, Loopt, and the research front. I have some notes, mostly from the first half of the …

Posted in privacy, security, web | 2 Comments

Real-world usage sometimes includes things you don’t like

When people criticize RDFa without much experience really working with it, I tend to ignore the comments, because they’re usually out to prove some subjective point about what they think the Web should be like (“prefixes are ugly!” “Yahoo’s RDFa …

Posted in web | 12 Comments

Multi-Factor, maybe, but is it really harder to phish?

MIT Tech Review asked me for a general comment on web authentication for their article covering new technology by Delfigo. There wasn’t enough time to look in depth at Delfigo’s technology, so my comments were about multi-factor authentication in general, …

Posted in press, security, web | 14 Comments

Engaging Data going, going….

The Engaging Data Conference at MIT, which brings together a number of interesting folks around the management of personal electronic data, is happening in October. The deadline for papers is this week, so submit a paper now if you’ve got …

Posted in privacy, security, web | Leave a comment

Pot, Kettle, meet Zuckerberg

Facebook is an impressive company, they’ve done and continue to do some very amazing things. And I admit I certainly didn’t see them coming 4 years ago. But okay, come on: “No one wants to live in a surveillance society,” …

Posted in data, privacy, web | Leave a comment