Evercookie

I am intrigued:

evercookie is a javascript API available that produces
extremely persistent cookies in a browser. Its goal
is to identify a client even after they’ve removed standard
cookies, Flash cookies (Local Shared Objects or LSOs), and
others.

evercookie accomplishes this by storing the cookie data in
several types of storage mechanisms that are available on
the local browser. Additionally, if evercookie has found the
user has removed any of the types of cookies in question, it
recreates them using each mechanism available.

Ars Technica did an an interview with the creator. All via Andy Baio.

Compromising Twitter’s OAuth security system

Ryan Paul for Ars:

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter’s very own official client application for Android.

via Schneier

Bruce Schneier: Spy cameras won’t make us safer

I have long had a beef with the conventional wisdom that recording everyone all the time makes us safer:

There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to data. But the data are clear: CCTV cameras have minimal value in the fight against crime.