defending against your own stupidity

When thinking about security, it is tempting to determine the worst-case attacker and focus defenses against it. (Of course, by worst-case, I mean within the bounds of a reasonable threat model: the NSA is not a reasonable worst-case attacker for every problem.) A corollary to this reasoning goes something like this: well, I’ve already implemented shield X, and if an attacker can defeat shield X, then they can probably also defeat shield Y, so I don’t need to implement shield Y because it’s useless. That’s misguided. There may be some very good reasons to implement shield Y. Consider the utility … Continue reading defending against your own stupidity

an unwarranted bashing of Twitter’s oAuth

Ryan Paul over at ArsTechnica claims a compromise of Twitter’s oAuth system, but fails to demonstrate such a compromise. It’s unfortunate, because some of his comments are indeed worthwhile, and there are a few interesting recommendations that Twitter should follow (hah, no pun intended). But what we have here is not a “compromise”, and the citation-and-reasoning-free fear-mongering about oAuth is poor reporting. the consumer secret is not important The article’s main argument is that the oAuth consumer secret is embedded in desktop clients and can be extracted. Yes. That sounds really bad doesn’t it? Except, as the article itself says: … Continue reading an unwarranted bashing of Twitter’s oAuth

Usenix Security, voting and health security

I’m at Usenix Security 2010 in DC, starting with the EVT/WOTE Workshop on voting where I’ll be presenting an update on Helios, then the HealthSec workshop where I’ll be on a panel discussing my paper with Zak Kohane and Ken Mandl on using a Personally Controlled Health Record for health-information exchange [PDF]. The voting crowd is emerging from a 2-day workshop with election officials on remote voting for military and overseas voters. I’m trying to get a sense of attendees’ impressions from that workshop, but suffice it to say that it seems to have been “exciting.” Ron Rivest compared online … Continue reading Usenix Security, voting and health security

if you’re outraged by accidental breaches, you’d better sit down

A few days ago, a security bug was discovered on Facebook, whereby users could see the chat transcripts of their friends talking to other friends. Then, another security hole was discovered where a problem at Yelp revealed email addresses of Facebook users. And today, Google realized that they accidentally collected network traffic from open wi-fi connections while gathering street-view data. In every instance, the companies involved didn’t mean to cause these data breaches. In every instance, they would gladly pay serious cash to prevent these bugs, given the negative publicity they cause. In every instance, most security folks I know … Continue reading if you’re outraged by accidental breaches, you’d better sit down

Myth: the app store will protect you and prevent user confusion

An interesting thing happened with the Apple AppStore this weekend: This weekend, as hundreds of thousands of people explored their iPads […] they found […] an application called Facebook Ultimate, featuring a sleek version of the familiar ‘f’ logo. The application quickly rose through the ranks to become one of the App Store’s top selling iPad applications. Unfortunately, it soon became apparent to these users that the application simply wasn’t very good, and that it wasn’t created by Facebook at all. […] the $2.99 application rose to become the #7 top paid app on the App Store. The app received … Continue reading Myth: the app store will protect you and prevent user confusion

Protecting against web history sniffing attacks: an alternative

When a web site links to another web site, the link appears in a different color, usually a lighter shade of blue, if you’ve already visited the site. Unfortunately, this means that a malicious web site can learn what sites you visit by putting up a few links and checking to see how your browser is rendering them. Arvind explained the shockingly bad outcome of this small flaw a few weeks ago. Today, Mozilla is proposing an interesting way to “plug” this leak, by attacking the problem from both ends. First the style changes for visited links are now limited: … Continue reading Protecting against web history sniffing attacks: an alternative

I was wrong about the iPad

So I made a couple of predictions about the iPad, Apple’s tablet, and I realize in retrospect that, while I got some of the details right, I got the gist completely wrong. I thought it was going to be a special-purpose device. And most commentators are saying just that. But I was wrong and they are wrong. The iPad is very much meant to be a new approach to how we use computers in general. Still think it’s just a big iPhone? Watch these few minutes of video, a summary of how you interact with the iPad to create slides … Continue reading I was wrong about the iPad