evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available in the local browser. Additionally, if evercookie finds that the user has removed any of the cookies in question, it recreates them using each storage mechanism available.
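The two behaviours just described, the same identifier replicated across storage areas and a cleared copy reappearing from the survivors, are also what a defender can look for. The following is an added example, not code from the evercookie project: it runs under Node on constructed storage snapshots (plain objects standing in for cookies, localStorage, sessionStorage and window.name) and flags values that are replicated across areas and values that return to an area after that area was cleared. The snapshot shape, the store names and the sample identifier are assumptions made for the example.

```javascript
// Added example: detecting evercookie-style identifier replication and respawn.
// Snapshots are plain objects of the form { storeName: { key: value } },
// constructed here so the check runs offline rather than against live browser APIs.

// Heuristic for "looks like a tracking identifier": an opaque token of 8+ chars.
const LOOKS_LIKE_ID = /^[A-Za-z0-9_-]{8,}$/;

// Return every identifier-like value that appears in two or more storage areas,
// together with the sorted list of areas holding it.
function findReplicatedValues(snapshot) {
  const seen = new Map(); // value -> Set of store names
  for (const [store, entries] of Object.entries(snapshot)) {
    for (const value of Object.values(entries)) {
      if (typeof value !== 'string' || !LOOKS_LIKE_ID.test(value)) continue;
      if (!seen.has(value)) seen.set(value, new Set());
      seen.get(value).add(store);
    }
  }
  return [...seen.entries()]
    .filter(([, stores]) => stores.size >= 2)
    .map(([value, stores]) => ({ value, stores: [...stores].sort() }));
}

// Simulate the user clearing some storage areas; returns a new snapshot.
function clearStores(snapshot, storesToClear) {
  const out = {};
  for (const [store, entries] of Object.entries(snapshot)) {
    out[store] = storesToClear.includes(store) ? {} : { ...entries };
  }
  return out;
}

// Compare the post-clear snapshot with a later one: any identifier-like value
// that is back in a cleared area was respawned by script, not set by the user.
function findRespawned(cleared, later, storesCleared) {
  const respawned = [];
  for (const store of storesCleared) {
    const before = cleared[store] || {};
    const now = later[store] || {};
    for (const [key, value] of Object.entries(now)) {
      if (!(key in before) && LOOKS_LIKE_ID.test(value)) {
        respawned.push({ store, key, value });
      }
    }
  }
  return respawned;
}

// Constructed sample: one opaque identifier mirrored into four storage areas,
// plus ordinary site data that should not be flagged.
const initial = {
  cookie: { uid: 'a1b2c3d4e5f6', theme: 'dark' },
  localStorage: { uid: 'a1b2c3d4e5f6', lastVisit: '2010-09-20' },
  sessionStorage: { uid: 'a1b2c3d4e5f6' },
  windowName: { name: 'a1b2c3d4e5f6' },
};

// The user clears cookies and session storage ...
const afterClear = clearStores(initial, ['cookie', 'sessionStorage']);

// ... and on the next page load (constructed observation) the cookie is back,
// repopulated from the copy that survived in localStorage.
const afterReload = { ...afterClear, cookie: { uid: 'a1b2c3d4e5f6' } };

function report() {
  return {
    replicated: findReplicatedValues(initial),
    respawned: findRespawned(afterClear, afterReload, ['cookie', 'sessionStorage']),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(report(), null, 2));
}
```

The replication check alone already separates a persistence-oriented tracker from ordinary site state: a theme preference lives in one place, whereas an identifier that is byte-for-byte identical in cookies, localStorage and window.name has been deliberately mirrored. The respawn check is what turns that suspicion into evidence, since only script running in the page can put a value back into an area the user has just emptied.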
Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter’s very own official client application for Android.
As described by Jeremiah Grossman, this is pretty nasty. See the proof-of-concept demo here, and be creeped out. (via Shawn Medero)
There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to data. But the data are clear: CCTV cameras have minimal value in the fight against crime.
A transcript taken from one of Welles’ Sketchbook shows for the BBC. 1955’s passport gestapo seems like a cakewalk compared to 2010’s passport gestapo, yet the more things change…
I’ll be in the peanut gallery for this one. The prizes are distinctly Schneier:
Contest ends on February 6th. Winner receives copies of my books, copies of Patrick Smith’s book, an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint, and a fake boarding pass on any flight for any date.
Disturbing news from the federal courts today, as a federal judge ruled that “government can obtain access to a person’s inbox contents without any notification to the subscriber,” which means anyone with a job in government can read your email without telling you.
Analysis at the link above; here’s a PDF of the actual ruling.
The key is distributed, and “dissolves” over time. This is very interesting. via Andy Baio.
This post has been removed for being out of date and out of the scope of information this blog now seeks to provide. If you got here by way of a search engine or link, my apologies.