Category: security

  • Protecting Data by Being More Open

    In the last few weeks, friends of mine — savvy friends of mine — have been hit by sites that ask for your Gmail, Yahoo, or Hotmail password just so they can “check to see if your friends are using the site!” Quechup, the so-called “social network that’s sweeping the globe” is accomplishing that grand […]

  • The Insanity of Phone Authentication “Security Processes”

    For the second time in a month, a vendor says to me, on the phone: I’m sorry, sir, but that account is under your wife’s name, and only she can cancel the account. What was particularly annoying about this call (with Verizon, oh how much I loathe them), is that my wife had granted me […]

  • Windows Genuine Advantage: Guilty until Proven Innocent

    In cryptographic protocols, we talk about “the adversary”, this entity that’s trying to screw up the security goals of your protocol. Applied security folks also talk about adversaries, though they talk more often about “threats” and “threat models.” In any case, there’s some dark, shadowy, evil figure fighting against you. In a well-architected system, […]

  • Electronic Voting Technology, 2007

    I’m at EVT 2007, the USENIX/ACCURATE workshop on voting technology. I had to miss the first session because I flew in on the red-eye, so I missed three talks that described attacks on Nedap, Diebold, and Hart. I hear they were quite interesting. Design I: The second session (the first I attended) started with Rice […]

  • Way to Go, Secretary Bowen.

    In 2004, I appeared on a panel at Harvard alongside Debra Bowen, who was then a California State Senator. I found her to be extremely sharp, and particularly insightful about voting issues at a time when most of the public debate was thoroughly confused (it’s gotten a little bit better since). Ms. Bowen has since […]

  • The Three Laws of Computer Ethics

    Julie Amero is a substitute teacher who faces the possibility of jail time because the classroom computer displayed pornographic popups to teenage kids. Though she tried to stop it, she was somehow blamed by an incompetent and overreaching school administration. Thankfully, she recently obtained a new trial. I hope this one is a bit less […]

  • Making Sure You’re Human

    I’ve had a bit too much weird spam lately, so I’ve added a CAPTCHA system where, if you want to post a comment, you have to recognize and type in two deformed words to prove you’re not a robot. I found this specific system, reCAPTCHA on Lessig’s Blog. Here’s how they describe themselves: reCAPTCHA asks […]

  • Get Over It, The Web is the Platform

    I have to be careful sometimes when posting about Apple’s latest stuff, because I am, to a certain degree, what some call an Apple fanboy. I don’t like everything Apple does, but I am certainly receptive to their designs and their approach to consumer technology. I think they generally “get it right” whereas so many […]

  • Voting: Things are Not Always What They Seem

    It’s interesting how Voting often comes up in so many discussions, and how often folks believe that Voting is a well established, stable process that is usually fair, except for those pesky touchscreen voting machines that are corrupting a process that has long been well managed. (Don’t get me wrong, I don’t like unverified touchscreen […]

  • Web 2.0 Security & Privacy Workshop

    Today, I was at the IEEE Web 2.0 Security & Privacy Workshop, where I presented a short position paper on extending the web browser to enable secure private-data mashups. I started the day not sure what to expect: maybe a day-long complaint about how web 2.0 concepts are insecure and we need to stop and […]

  • Voting à la Française

    Nicolas Sarkozy just won the French Presidential Elections by a sizeable margin. In case my fellow US liberals are worried about a “Conservative” victory in Europe, it’s important to note that the US Republican Party and the French UMP are by no means the same. Sarkozy used his first speaking opportunity to declare France “a […]

  • Time to Rethink the Cross-Domain JavaScript situation

    Joe Walker worries about Operator Overloading in JavaScript. Though I’m not sure I see an immediate attack, I think Joe is worried about the right thing: since cross-domain execution is dependent on whether the file is well-formed according to the JavaScript language, and since the JavaScript language is changing over time, we’ve got a real […]