Category: security

  • Meltdown & Spectre for non-techies

    Meltdown & Spectre for non-techies

    As you’ve probably heard by now, a very serious CPU bug was disclosed a few days ago. Lots of folks have tried to explain it in non-technical terms. I’ve not been satisfied with any of these, and as someone who believes it is a solemn responsibility of experts to make important topics accessible to all, […]

  • security is hard, let’s improve the conversation

    A few days ago, a number of folks were up in arms over the fact that you can see saved passwords in your Google Chrome settings. Separately, a few folks got really upset about how Firefox no longer provide a user interface for disabling JavaScript. These flare-ups make me sad, because the conversations are often […]

  • Identity Systems: white labeling is a no-go

    There’s a new blog post with some criticism of Mozilla Persona, the easy and secure web login solution that my team works on. The great thing about working in the open at Mozilla is that we get this kind of criticism openly, and we respond to it openly, too. The author’s central complaint is that […]

  • connect on your terms

    I want to talk about what we, the Identity Team at Mozilla, are working on. Mozilla makes Firefox, the 2nd most popular browser in the world, and the only major browser built by a non-profit. Mozilla’s mission is to build a better Web that answers to no one but you, the user. It’s hard to […]

  • encryption is (mostly) not magic

    A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens (hundreds?) closed their accounts in protest. They’re my confidential files, they cried, why couldn’t you […]

  • Online Voting is Terrifying and Inevitable

    Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether the server could get hacked and the votes changed surreptitiously the users’ machines could get compromised by a virus, which would then flip votes […]

  • (your) information wants to be free

    A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You probably received a warning to watch out for phishing attacks (assuming it wasn’t caught in […]

  • intelligently designing trust

    For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. warning signs Last year, Chris Soghoian and Sid Stamm published a paper, Certified Lies [PDF], […]

  • the difference between privacy and security

    Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy advocates. Regardless, this announcement is great news. The only nitpick I have, and I point […]

  • Crisis in the Java Community… could they have used a secret-ballot election?

    There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue appears to be that Oracle, the new Java “owner” since they acquired Sun Microsystems, is […]

  • OK, let’s work to make SSL easier for everyone

    So in the wake of the FireSheep situation, which I described yesterday, the tech world is filled with people talking past each other on one important topic: should we just switch everything over to SSL? As I stated yesterday, I don’t think that’s going to happen anytime soon. I would love to be wrong, because […]

  • keep your hands off my session cookies

    For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of open wifi networks. But warnings from security freaks rarely get people’s attention. A demonstration is […]

  • faulty logic, even for good, is still faulty

    So Alex Halderman and team hacked the DC Internet Voting pilot. The voting system they attacked was not particularly well secured, and the type of attack used is a fairly simple web input corruption attack with little novelty. This hack, however, performs a very useful task: educating election officials and the public about what hacks […]

  • Fort Knox vs. the Barking Dog

    Over the last few days, Alex Halderman and his team at the University of Michigan hacked an Internet Voting System being field-tested by the DC Board of Elections. First, we need to commend both Alex’s team for their dutiful analysis of this system, and, more importantly, the DC Board of Elections for running an open […]

  • defending against your own stupidity

    When thinking about security, it is tempting to determine the worst-case attacker and focus defenses against it. (Of course, by worst-case, I mean within the bounds of a reasonable threat model: the NSA is not a reasonable worst-case attacker for every problem.) A corollary to this reasoning goes something like this: well, I’ve already implemented […]

  • an unwarranted bashing of Twitter’s oAuth

    Ryan Paul over at ArsTechnica claims a compromise of Twitter’s oAuth system, but fails to demonstrate such a compromise. It’s unfortunate, because some of his comments are indeed worthwhile, and there are a few interesting recommendations that Twitter should follow (hah, no pun intended). But what we have here is not a “compromise”, and the […]

  • Usenix Security, voting and health security

    I’m at Usenix Security 2010 in DC, starting with the EVT/WOTE Workshop on voting where I’ll be presenting an update on Helios, then the HealthSec workshop where I’ll be on a panel discussing my paper with Zak Kohane and Ken Mandl on using a Personally Controlled Health Record for health-information exchange [PDF]. The voting crowd […]

  • if you’re outraged by accidental breaches, you’d better sit down

    A few days ago, a security bug was discovered on Facebook, whereby users could see the chat transcripts of their friends talking to other friends. Then, another security hole was discovered where a problem at Yelp revealed email addresses of Facebook users. And today, Google realized that they accidentally collected network traffic from open wi-fi […]

  • Myth: the app store will protect you and prevent user confusion

    An interesting thing happened with the Apple AppStore this weekend: This weekend, as hundreds of thousands of people explored their iPads […] they found […] an application called Facebook Ultimate, featuring a sleek version of the familiar ‘f’ logo. The application quickly rose through the ranks to become one of the App Store’s top selling […]

  • Protecting against web history sniffing attacks: an alternative

    When a web site links to another web site, the link appears in a different color, usually a lighter shade of blue, if you’ve already visited the site. Unfortunately, this means that a malicious web site can learn what sites you visit by putting up a few links and checking to see how your browser […]

  • I was wrong about the iPad

    So I made a couple of predictions about the iPad, Apple’s tablet, and I realize in retrospect that, while I got some of the details right, I got the gist completely wrong. I thought it was going to be a special-purpose device. And most commentators are saying just that. But I was wrong and they […]

  • Sometimes it’s not counter-intuitive

    Bruce Schneier writes that it’s reasonable for unmanned drones to broadcast unencrypted video streams, because the video stream is not that useful to enemies, and given that many people need access to the video feed, the key distribution problem would be very difficult to manage, and some allies could be severely handicapped if they happened […]

  • It’s a WRAP followup: maybe the goal was client-side certs?

    I’m having some interesting offline followup discussions with folks about oAuth WRAP and my relatively negative reaction to it. One of the comments seems to be that SSL will recreate exactly the security that HMAC signatures were trying to achieve, and it was really hard for developers to do oAuth right in the first place. […]

  • It’s a WRAP

    I’m just finding out about oAuth WRAP, a new, simplified version of oAuth which some are calling the “valet key” approach to web data sharing: don’t give your Facebook password to a random web app, instead use oAuth to mint them a valet key that lets the app access only some specific portions of your […]

  • Facebook account hacked

    So this evening my Facebook account was hacked and spam messages were posted to a few dozen friends on my behalf. Thankfully, since I’m friends with a number of security-savvy folks, I was notified almost instantly. Now I’ve never cared too much about my Facebook account, so I used one of my weak passwords. I’m […]

  • Source Code and Voting: what’s really on that machine?

    Let’s say someone’s trying to sell you a house. It’s a beautiful house. You visit it. You have it inspected and re-inspected, and it’s perfect. You get a loan approved, and you’re about to sign the papers when you’re told: wait, actually, that house is no longer available, but why don’t you just sign here […]

  • Takoma Park 2009: the voter experience

    For background on this post, check out the Auditing Takoma Park 2009 Election. I’m gathering all documentation on a Google Site. This blog will continue to serve as the narrative, while the datasets and documentation will live on the Google Site, and I’ll refer to them as needed from this blog. Let’s begin with an explanation of the voting process that Takoma Park citizens will experience on November 3rd, 2009. (If you’re a Takoma Park resident: make sure to register by October 5th if you want to participate in this historic election!) Say hello to Valerie, our token voter. At a high level, Valerie’s voting experience is identical to her past experience with a typical optical-scan election. She fills in the bubbles for the candidates of her choice, casts her ballot, and walks away. With one twist: if Valerie wants to, she can write down some confirmation codes that will let her audit her ballot later on.

  • A Partial Report from Social Network Security 2009 @ Stanford

    On Friday, I attended Social Network Security 2009 at Stanford. This was a fantastic get-together, with some very interesting info from Facebook, Google, Yahoo, Loopt, and the research front. I have some notes, mostly from the first half of the day, at which point my laptop battery ran out. Time to upgrade to the 7-hour […]

  • The evolution of OpenID: you’re not a URL after all

    The US government has just announced a pilot program to integrate OpenID (and Information Cards) into public government web sites. This is very interesting news, as it will likely catalyze even greater OpenID deployment and use. [I’ve poo-poo’ed OpenID here and here, because of phishing and privacy concerns. I’m still very worried. I’ve suggested ways […]

  • Quick Thoughts from EVT Day #2

    I gave an invited talk on crypto voting. Ran out of time, as usual. I need to find a way to describe this stuff more efficiently. Later, I also presented MarkPledge2, joint work with Andy Neff. Olivier de Marneffe presented the UCL/Helios implementation. So much material to present there, he did a fantastic job of […]