Categories
Links

Firesheep

A Firefox plugin that makes HTTP session hijacking as easy as a double-click.

Evercookie

I am intrigued:

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Ars Technica did an interview with the creator. All via Andy Baio.

Compromising Twitter’s OAuth security system

Ryan Paul for Ars:

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter’s very own official client application for Android.

via Schneier

Safari 4 & 5 AutoComplete Vulnerability Exposes Email Addresses, Phone Numbers

As described by Jeremiah Grossman, this is pretty nasty. See the proof-of-concept demo here, and be creeped out. (via Shawn Medero)

Grim Meathook Future: Government Passport Cloning For Assassins

Evidence that the Israeli government has been cloning the passports of British citizens, and using them as fake IDs for assassins. Airport security? Haaaaa.

Bruce Schneier: Spy cameras won’t make us safer

I have long had a beef with the conventional wisdom that recording everyone all the time makes us safer:

There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to data. But the data are clear: CCTV cameras have minimal value in the fight against crime.

Orson Welles on Privacy, the Passport and Personal Rights

A transcript taken from one of Welles’ Sketchbook shows for the BBC. 1955’s passport gestapo seems like a cakewalk compared to 2010’s passport gestapo, yet the more things change…

Bruce Schneier’s TSA Logo Contest

I’ll be in the peanut gallery for this one. The prizes are distinctly Schneier:

Contest ends on February 6th. Winner receives copies of my books, copies of Patrick Smith’s book, an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint, and a fake boarding pass on any flight for any date.

An Inbox Is Not a Glove Compartment

Disturbing news from the federal courts today, as a federal judge ruled that “government can obtain access to a person’s inbox contents without any notification to the subscriber,” which means anyone with a job in government can read your email without telling you.

Analysis at the link above; here’s a PDF of the actual ruling.

Self-Destructing Data

The key is distributed, and “dissolves” over time. This is very interesting. via Andy Baio.

Categories
Posts

How To: Change Your iPhone’s Root Password

This post has been removed for being out of date and out of the scope of information this blog now seeks to provide. If you got here by way of a search engine or link, my apologies.