
Archive for the ‘security’ Category

Twitter Digits

Posted on October 22nd, 2014

Twitter’s newest service, Digits, offers a glimpse into a world of “growth at any cost.” Or, as it is put forth on the developer site, “Growth, Simplified.” Their insecure attempt to eliminate the password, moving to SMS as a primary, single-factor authentication endangers users of the Twitter application and all future developers (and their users) […]


Facial recognition and video search

Posted on December 11th, 2008

Viewdle, a video search engine, launched recently, and won the 2008 LeWeb Gold prize. It’s very similar to a technology that casinos have had for years. In previous times they’d look up your face in the five-volume Griffin GOLD book, a litany of cheats. Machine vision has surpassed the book, by far. I’ve long […]


random media mention…

Posted on August 19th, 2008

My discoveries with the Wall of Sheep at Defcon 16 and its application to Twitter security were mentioned on the August 12, 2008 Data Security Podcast. They called me one of the “good guys”. Heh! You can listen to it here: http://datasecurityblog.wordpress.com/2008/08/11/data-security-podcast-episode-13-aug-11-2008/


DNS Patches released today for many platforms

Posted on July 8th, 2008

If you’re responsible for DNS at your organization, I urge you to immediately download updates for your DNS servers and patch them, today. Dan Kaminsky and other members of the DNS community announce that they are releasing patches for an extremely serious cache resolver issue impacting many vendors of DNS software, including ISC BIND and […]


Enigma / RSA

Posted on April 9th, 2008

I have been a long-time lover of security, cryptography, and freedom. Today I wore my EFF sweatshirt into the NSA booth at the RSA Security Expo. The NSA laughed at me. Little did their booth occupants know that the EFF had gone after them recently over the AT&T domestic wiretapping affair, shown to the word […]


Site Insecurity

Posted on January 7th, 2008

Over at Chris Shiflett’s blog (he’s the author of Essential PHP Security) he’s got a nice writeup on foiling cross-site scripting attacks on web sites. While this is an older article (from 2004), it still addresses many dangerous issues that developers continue to create in production code. One of our developers here recently […]
