About
My name is Jens.
I'm a geek. The good kind.
I'm interested in many things ...
September 02 2010
Compromising Twitter's OAuth security system [ArsTechnica]
"Website operators who adopt the current version of the [OAuth] standard have to tread carefully and concoct their own solutions to fill in the gaps in the specification. As a result, there is not much consistency between implementations. Facebook, Twitter, and Google all have different variants of the standard that have to be handled differently by third-party applications. Twitter's approach is, by far, the worst."
May 27 2010
Security in Depth: HTML5’s @sandbox
"Chrome is the first browser to include support for a new HTML5 feature that lets web developers reduce the privileges of parts of their web pages by including a “sandbox” attribute in iframes."Allows you to block untrusted iframes in your page from doing things like opening windows, using forms or running JavaScript.
April 30 2010
New Age terrorists develop homeopathic bomb
"Homeopathic bombs are comprised of 99.9% water but contain the merest trace element of explosive. The solution is then repeatedly diluted so as to leave only the memory of the explosive in the water molecules. According to the laws of homeopathy, the more that the water is diluted, the more powerful the bomb becomes. ..."The severity of the situation has already resulted in the New Age terror threat level being raised from ‘lilac’ to the more worrisome ‘purple’ aura."
March 18 2010
"No Dashes Or Spaces" Hall of Shame
Publicly shaming websites that stupidly forbid dashes or spaces in credit-card numbers. (Don't they know how to use regexes?!)
February 06 2010
Tahoe-LAFS
"A secure, decentralized, data store. This filesystem is encrypted and spread over multiple peers in such a way that it remains available even when some of the peers are unavailable, malfunctioning, or malicious." This is the software used by online backup service AllMyData.com. (GPL'ed)
January 15 2010
Software Makers See a Market in Censorship - NYTimes.com
"More than a million people in China, including human rights activists and expatriates, are using special software to circumvent the nation’s complex online censorship system, known as the “Great Firewall.” This has created a booming market for software companies..." The Internet sees censorship as a business opportunity and markets around it.
December 07 2009
foaf+ssl
"FOAF+SSL is a way of allowing open social networking, while still leaving everything under the control of the individual. It uses well-established protocols; virtually every standard Web browser supports it. Wherever you need to interact over the Web with others but retain a level of trust - your secrets are your secrets - FOAF+SSL is there for you. FOAF+SSL is an authentication and authorization protocol that links a Web ID to a public key, thereby enabling a global, decentralized/distributed, and open yet secure social network. It functions with existing browsers. It uses PKI standards — usually thought of as hierarchical trust management tools — in a decentralized "web of trust" way. The web of trust is built using semantic web vocabularies (particularly FOAF) published in RESTful manner to form Linked Data."
December 03 2009
Google Public DNS
"Google Public DNS is a free, global Domain Name System (DNS) resolution service that you can use as an alternative to your current DNS provider." I've been trying it out for a few months; it makes web surfing at home noticeably faster. Just set your DNS servers to 8.8.8.8 and 8.8.4.4.
August 11 2009
US Government Reviewing OpenID For Login on .Gov Sites
"The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web."
August 08 2009
The Tripartite Identity Pattern [Randy Farmer]
"One of the most misunderstood patterns in social media design is that of user identity management. Product designers often confuse the many different roles required by various user identifiers. ... "Consistently I've found that a tripartite identity model best fits most online services and should be forward compatible with current identity sharing methods and future proposals. "The three components of user identity are: the account identifier, the login identifier, and the public identifier."
July 16 2009
Laptop Security while Crossing Borders [Schneier on Security]
"Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people's laptops at customs. ... Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data -- encrypted, of course -- on websites and then downloading it at the destination. I have never liked either solution. ... "There's another solution, one that works with whole-disk encryption products like PGP Disk (I'm on PGP's advisory board), TrueCrypt, and BitLocker: Encrypt the data to a key you don't know. "It sounds crazy, but stay with me...."
July 01 2009
Security, Group Size, and the Human Brain [Bruce Schneier]
“150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. ... This number appears regularly in human society; it's the estimated size of a Neolithic farming village, the size at which Hittite settlements split, and the basic unit in professional armies from Roman times to the present day. Larger group sizes aren't as stable because their members don't know each other well enough. “...More generally, there are several layers of natural human group size that increase with a ratio of approximately three: 5, 15, 50, 150, 500, and 1500 -- although, really, the numbers aren't as precise as all that, and groups that are less focused on survival tend to be smaller. The layers relate to both the intensity and intimacy of relationship and the frequency of contact.”
June 23 2009
How To Communicate Securely in Repressive Environments
“I’m preparing to give a presentation at The Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict (FSI 2009). The focus of my presentation will be on digital security, i.e., how to communicate safely and securely in repressive, non-permissive environments.”
June 22 2009
Find My iPhone works, and it is awesome.
One man's epic true story of recovering his lost iPhone from a thief, through the magic "Find My iPhone" feature.
May 20 2009
Unsafe at any speed: Memcpy() banished in Redmond • The Register
“Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle.” Hope they remember to ban memmove too!
March 23 2009
PFX - How Not to Design a Crypto Protocol/Standard
“As it turns out, because PFX [aka PKCS12] is so comprehensively broken it's far easier to take the style guide's "try and do this to demonstrate good style" and turn it around into PFX's "do this to demonstrate bad style". As a result, I've decided to do a rant instead of a proper discussion like the style guide. Rants are far more fun to write anyway. So, here's the PFX anti-style guide, or 'How not to design a crypto protocol/standard'.”
January 04 2009
Police set to step up hacking of home PCs [Times Online]
“THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant. ... “The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room. ... “Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.”
October 29 2008
The Skein Hash Function [Schneier on Security]
Bruce Schneier announces the new crypto hash function he and others are submitting to the NIST competition. Full paper and source code available. "Skein is a new family of cryptographic hash functions. Its design combines speed, security, simplicity, and a great deal of flexibility in a modular package that is easy to analyze."
August 30 2008
Inside India’s CAPTCHA solving economy
"The bottom line - is text based CAPTCHA dead? It’s definitely in pain thanks to evil marketers recruiting low-waged Indian data processing workers, who according to some of the statistics obtained, earn over ten times more while solving CAPTCHAs, than through their legitimate data processing jobs."
Revealed: The Internet's Biggest Security Hole
"The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination."
