These are the things I've written that are tagged "security"

All Major Browsers Fall At Pwn2Own Day Two

What’s that they say about castles built on sand? Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.

Schneier on Security: Our Newfound Fear of Risk

Bruce Schneier: We’re afraid of risk. It’s a normal part of life, but we’re increasingly unwilling to accept it at any level. So we turn to technology to protect us. The problem is that technological security measures aren’t free. They cost money, of course, but they cost other things as well. They often don’t provide […]

Stop Watching Us

The revelations about the National Security Agency’s surveillance apparatus, if true, represent a stunning abuse of our basic rights. We demand the U.S. Congress reveal the full extent of the NSA’s spying programs. Sign the letter to Congress, follow them on Twitter.

Does Airport Security Really Make Us Safer?

Vanity Fair says no: As you stand in endless lines this holiday season, here’s a comforting thought: all those security measures accomplish nothing, at enormous cost. That’s the conclusion of Charles C. Mann, who put the T.S.A. to the test with the help of one of America’s top security experts. Experts like Bruce Schneier have […]

TextSecure

Sounds good: TextSecure is a replacement for the standard text messaging application, allowing you to send and receive text messages as normal. Why isn’t this built-in to Android? or iOS for that matter? or everything?

The Pitfalls of Facebook’s “Social Authentication”

Dan Wineman shoves a hot poker up the ass of Facebook’s “social authentication”: Captchas don’t verify identity. “Social authentication” challenges based on public information — especially information that the service itself provides, for free, to anyone who asks — don’t do that either. The problem with “social authentication” is that second word, there. Facebook’s calling […]

A Waste of Money and Time

Security professional Bruce Schneier on what really makes plane travel safer, and the difference between theater and reality: Of course not. Airport security is the last line of defense, and it’s not a very good one. What works is investigation and intelligence: security that works regardless of the terrorist tactic or target. Yes, the target […]

BlackSheep, the Firesheep countermeasure tool

Like the thing it acts against, it is a Firefox plugin. Were Firesheep a serious malicious tool, the race between BlackSheep countermeasures and Firesheep countercountermeasures would be endless, and Firesheep would always “win”. You can’t develop countermeasures until an attack has been successful. This was and is the message of Firesheep to begin with: The […]

Evercookie

I am intrigued: evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others. evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are […]

Compromising Twitter’s OAuth security system

Ryan Paul for Ars: Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some […]

Bruce Schneier: Spy cameras won’t make us safer

I have long had a beef with the conventional wisdom that recording everyone all the time makes us safer: There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to […]

Hello There

My name is Phil Nelson and I make beautiful objects for a troubled world in CSS, HTML, and JavaScript. I'm a designer / developer at Occipital.
