Last week there was talk of an information breach affecting customers of several large corporations, whereby names and email addresses may have been leaked through a marketing company (Epsilon). Even without knowing all of the minute details, there are some important things to take away from this: Large pools of consolidated personally identifiable information are huge targets for would-be attackers Those you trust with your trusted data might not be as careful with it as you’d like them to be (applies to both customers and companies) But, although there is much to be said of the risk we all take when we share private data, perhaps the bigger issue is the fact that companies hound you for your personal information[…]
Category: standards
Vavada - это онлайн-казино, предоставляющее широкий выбор азартных игр, включая слоты, рулетку, блэкджек и другие. Vavada привлекает игроков разнообразными бонусами и акциями.
Greetings from the 2011 RSA Conference in rainy San Francisco, CA. Yesterday I attended the opening keynotes of the conference, and a certain statement by RSA’s Art Coviello caught my ear and needs some further discussion. The conference opened with a fantastic video called “Giants Among Us” which provided a brief chronicle of the rise of public key cryptography, from Martin Hellman, Whitfield Diffie, and Ralph Merkel, to Ron Rivest, Adi Shamir, and Leonard Adelman. It was well produced and is worth a watch. Note: updated link to HD version. Art Coviello then came out and started his talk with a brief history of the 20 years of the RSA Conference, which was entertaining in its own right. He brought[…]
Unless you work for a network or internet service provider, there’s only so much you can do about the IPcalypse. But you can be ready for the IPv6 transition, and you really should be. We’ve seen this day coming for years now.
The discussion around the usual suspects of web application security (XSS, CSRF, injections, etc) hasn’t changed much in the last decade. Even high-profile website security incidents that get media attention often boil down to a clever application of one or more of these “basic” vulnerabilities. Part of the reason these techniques don’t seem to go out of style is a result of the speed at which the underlying technologies emerge. In other words, as technology changes, the vulnerabilities enabled by that technology also change. With the quick rise (and rapid acceptance) of HTML5 as the next generation markup language, we are sure to see some interesting new ways that web apps can be bent and broken or otherwise convinced to[…]
We know that an 8-character password with upper-case letters, lower-case letters, numbers, and special characters is definitely stronger than a 6-character password with only letters and numbers. But how much stronger is it?
OAuth is a protocol that lets applications request data or privileges you have on a remote service without you having to provide your credentials for that service. A classic use case for this “valet key” system is contact import – you can let a site load your address book from Gmail without giving that site your actual Gmail password. Twitter recently required that any third-party applications using their API must authenticate using OAuth. Twitter’s implementation is based on OAuth 1.0, which was finalized in April but has been in development for several years and is already widely supported. But work on a new version is now under way, and Facebook has already implemented one variety of the draft specification for[…]