Tags > security
Four short links: 17 November 2009
By Nat Torkington, November 17, 2009
Digital Natives (Ze Frank) -- digital natives have grown up in a landscape where access to information and influence has been flattened. They have watched media distribution bottlenecks in the form of networks and studios lose influence to YouTube and independent production houses. They have watched companies bow down to viral video critiques, and watched political systems get hacked...
Four short links: 5 November 2009
By Nat Torkington, November 5, 2009
Heat Maps in R -- We used financial data here because it's easier to access than the airline data, but it's actually a pretty interesting way of looking at a financial time series. Weekend and holiday effects are a bit more obvious, and it's a bit like being able to see the daily, weekly, monthly and yearly closes all...
Four short links: 3 November 2009
By Nat Torkington, November 3, 2009
First Test for Election Cryptography (MIT Technology Review) -- The first government election to use a new cryptographic scheme that lets both voters and auditors check that votes were cast and recorded accurately will be held tomorrow in Takoma Park, MD. Founder of the company behind the technology is David Chaum, who ran the first electronic currency company in...
Four short links: 2 November 2009
By Nat Torkington, November 2, 2009
Your Botnet is My Botnet (PDF) -- 2008 USENIX Security paper analysing >70G of data gathered when security researchers hijacked the Torpig botnet. A major limitation of analyzing a botnet from the inside is the limited view. Most current botnets use stripped-down IRC or HTTP servers as their command and control channels, and it is not possible to make...
Four short links: 28 September 2009
By Nat Torkington, September 28, 2009
Sci Blogs -- aggregated and hosted blogs from New Zealand scientists and researchers. A planet aggregator has become a key part of building a community, even outside programming. Super Better, or How To Turn Recovery Into a Game -- Jane McGonigal had a concussion, and created a game to keep her doing things that aided her recovery. Interesting discussion...
Talk Like a Pirate and Think Like a Pirate Contest Has Ended - We have our winners
By Laurel Ackerman, September 22, 2009
Thanks so much to those who took the time to leave a comment to our Talk Like a Pirate and Think Like a Pirate post. We have our winners.
Talk Like a Pirate and Think Like a Pirate - Chance to win Ebooks
By Laurel Ackerman, September 19, 2009
Online security is critical for any website or application. To outsmart your enemies you have to think like them. O'Reilly has a number of books that tell you what to be on the lookout for and how to protect your online property from attack, as well as learn about vulnerabilities you may not be aware of. Share your best security advice and tips for a chance to win an ebook!
Cloud API Wars - Where is the security arsenal?
By Subra Kumaraswamy, September 11, 2009
Last week was an exciting week for the Virtualization and Cloud customers and potential adopters. During VMWorld 2009, a handful of announcements by the cloud computing "picks" and "shovel" providers marked the beginning of the "Cloud API War" -...
New Book "Hacking: The Next Generation"
By Nitesh Dhanjani, September 5, 2009
My new book "Hacking: The Next Generation" is now available.
Four short links: 4 September 2009
By Nat Torkington, September 3, 2009
Flood Maps -- what the world will look like when the oceans rise. Interactive, so you can dial up your preferred level of environmental horror. (via Hans Nowak) Citability -- making government accessible, reliable, and transparent with advanced permalinks, as Government websites are ever changing and cannot be cited. Content changes without notice or accountability. Bootstrapping EC2 Images as...
Four short links: 20 August 2009
By Nat Torkington, August 19, 2009
DIY SPY - a homebrew 2.4GHz wi-fi spectrum analyzer -- As proof of concept (and a cool toy for anyone who has one of these lying around), I have implemented a working Wi-Fi spectrum analyzer on TI’s ez430-RF2500 development kit ($50), a 2-part USB dongle which consists essentially of a CC2500 radio strapped to an MSP430 low-power microcontroller (detachable...
Four short links: 18 August 2009
By Nat Torkington, August 18, 2009
The Making of the NPR News iPhone App -- interesting behind-the-scenes look, with sketches and all. Station streams, however, presented a larger challenge. To begin with, NPR didn't have direct stream links for any of its stations, so we built a Web spider that identified and captured more than 300 iPhone-compatible station streams. After that first pass, we worked...
Is a large document really a potential Denial of Service attack? - What are some basic tests for web applications?
By Rick Jelliffe, August 8, 2009
A reader asked me about some recent vague press items about newly discovered security flaws in some XML parsers. ...since security is one of the applications of validation it is an area I need to be more aware of.
Four short links: 7 August 2009
By Nat Torkington, August 6, 2009
Defragging the Stimulus -- each [recovery] site has its own silo of data, and no site is complete. What we need is a unified point of access to all sources of information: firsthand reports from Recovery.gov and state portals, commentary from StimulusWatch and MetaCarta, and more. Suggests that Recovery.gov should be the hub for this presently-decentralised pile of recovery...
John Adams on Fixing Twitter: Improving the Performance and Scalability of the World's Most Popular Micro-blogging Site
By Jesse Robbins, August 6, 2009
Twitter is suffering outages today as they fend off a Denial of Service attack, and so I thought it would be helpful to post John Adams’ exceptional Velocity session about Operations at Twitter. Good luck today John & team… I know it’s going to be a long day!...
Four short links: 21 July 2009
By Nat Torkington, July 20, 2009
On Data Reconciliation Strategies and Their Impact on the Web of Data -- For years, I’ve been a fairly vocal advocate for the elegance and scalability of a-posteriori reconciliation via equivalence mappings as a superior mechanism (scale-wise) to a-priori reconciliation efforts… but this started to change very rapidly once I started working for Metaweb and saw first hand how...
Computer Security Basics
By Rick Lehtinen, July 17, 2009
Hi, it is about time I got started on this blog. Computer Security Basics was a landmark book when it was first published in the early 90s. I was honored to have the chance to update it in 2006. Now...
Rethinking ecommerce security: security experts asked to redesign credit card payments
By Andy Oram, June 26, 2009
Ed Bellis, the chief information security officer at Orbitz, is trying to design a secure online system for credit card payments.
John Viega Explains What Motivates Bad Guys
By Sara Peyton, June 23, 2009
Longtime security professional John Viega reports on the sorry state of security in his new book, The Myths of Security: What the Computer Security Industry Doesn't Want You to Know. "Today, the tech world might hear a lot about security issues, but the world at large rarely does," writes security expert Viega. In this excerpt from The Myths of Security, Viega explains what motivates bad guys to break into computers.
Dramatic Increase in Number of Tor Clients from Iran: Interview with Tor Project and the EFF
By Timothy M. O'Brien, June 19, 2009
The Tor Project produces an anonymous proxy service which allows users to evade surveillance. In this interview, Andrew Lewman talks about the Tor Project and discusses some statistics that show its increased use from within Iran. This article also includes some questions and answers with the EFF about the legal implications of running an open proxy server.
Four short links: 17 June 2009
By Nat Torkington, June 17, 2009
NY Times Mines Its Data To Identify Words That Readers Find Abstruse -- the feature that lets you highlight a word on a NY Times web page and get more information about it is something that irritates me. I'm fascinated by the analysis of their data: boggling that sumptuary is less perplexing than solipsistic. Louche (#3 on the list)...
John Viega Talks About Beautiful Security
By James Turner, June 10, 2009
John Viega is the co-editor of Beautiful Security, the latest in O'Reilly's "Beautiful" series. He recently talked to me a bit about what makes security beautiful, and what demands modern security problems place on end users and administrators.
O'Reilly Week in Review for June 1st, 2009
By James Turner, June 3, 2009
This week, we have a chat with John Viega, co-editor of Beautiful Security, the latest book in O'Reilly's "Beautiful" series, about what makes security beautiful, as well as what steps consumers and enterprises need to take to be secure these...
Beautiful Trade: Rethinking E-Commerce Security
By Allen Noren, June 1, 2009
Following is an excerpt from Beautiful Security: Leading Security Experts Explain How They Think, by Andy Oram and John Viega (Adapted for the web). Information security has always been one of the largest barriers to e-commerce. Those of us...
Loki's Net
By Jeffrey Carr, June 1, 2009
Every culture has its Trickster myths because Trickster lives on the edge of what the rest of us perceive as "real." He crosses boundaries so often and with such ease, not to mention panache, that our own boundaries expand because of him. Trickster is "the doorway leading out, the spirit of the road at dusk" (Lewis Hyde) that doesn't belong to any town but is in-between all towns; the province of thieves and spies. Here's an updated version of an old Trickster tale that I think is particularly relevant to the topic of this post--the national security risks associated with a more open Government in general and social software in particular.
Four short links: 28 May 2009
By Nat Torkington, May 28, 2009
Viral Epidemics Poised to go Mobile -- Albert-Laszlo Barabasi (author of Linked: How Everything Is Connected To Everything Else) modelled mobile phone virus epidemiology for NSF and concluded that (in accordance with experience) no single OS has critical mass for viruses to break out. I wonder: will Android or iPhone reach that point first? (via ACM TechNews) Socrata -- formerly...
Introducing Nitro-LM "Lite"
By Andrew Westberg, May 22, 2009
I've been consulting for Simplified Logic, the creators of Nitro-LM, full time for the past two years. Nitro-LM is a licensing and encryption solution for software written in C/C++, Java, Eclipse, Eclipse Plugins, and Adobe...
Four short links: 22 May 2009
By Nat Torkington, May 22, 2009
Hiding Dirty Deeds: "Encrypted" Client-Side Code -- obfuscated JavaScript from a Facebook phishing site, deconstructed and reconstructed, parsed and glossed for understanding. It reminds me of the best obfuscated Perl: Latin, string substitution, runtime and compile-time semantics ... a work of evil art. (via waxy) Kickstarter -- artistic commercial version of PledgeBank. You say "I want to do [X]...
The Five Laws of Implementing a Login Solution
By George Reese, May 20, 2009
Don't write your own. But whether you decide to write your own or implement a third-party solution, make sure it follows these five rules no matter what the risk profile of your application.
Google's Failings Say Little about Cloud Computing
By George Reese, May 16, 2009
Every time an individual cloud vendor suffers a failure like last week's networking issues with Google, mindless bloggers rush out to suggest the failures of one company represent failures of cloud computing in general. It's time to hold this logical fallacy up to the light and learn what we really can learn from any given incident.
Ivan Krstić joins Apple Core Security
By Piers Hollott, May 14, 2009
On his personal 'blog, former OLPC security director Ivan Krstić reveals his new position within Apple Core Security.
Up Close with an Enigma
By Ben Lorica, May 8, 2009
At last month's RSA conference in San Francisco, I stumbled upon a vintage 1944 model of the German cryptographic machine, popularly known as the Enigma. This particular machine was owned by the National Cryptologic Museum, and was part of a larger booth hosted by the National Security Agency. The staff at the exhibit were quite friendly and it didn't take...
Four short links: 29 Apr 2009
By Nat Torkington, April 29, 2009
Moot Wins, Time Inc. Loses -- summary of how the 4chan group Anonymous rigged the voting in Time's 100 Most Influential poll to not just put their man at the top, but also spell an in-joke with the initial letters of the first 21 people. Time tried weakly to prevent the vote-rigging, and ReCAPTCHA gave the Internet scallywags their...
Building Bridges with the U.S. Intelligence Community
By Jeffrey Carr, April 22, 2009
Guest blogger Jeffrey Carr is a cyber intelligence expert, Principal of GreyLogic, columnist for Symantec's Security Focus, and author who specializes in the investigation of cyber attacks against governments and infrastructures by State and Non-State hackers. Jeff is the Principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August,...
Four Short Links: 20 Apr 2009
By Nat Torkington, April 19, 2009
Camp, visualization, mistakes, and a wireless power meter hack: Toorcamp -- two day hacker camp in a Titan-1 missile silo. The coolest venue evar? I think so. The Allosphere (TED) -- JoAnn Kuchera-Morin demos the Allosphere, a planetarium-like sound-and-light visualization environment for scientific data. (via Lorrie Lejeune) The Mistake Bank -- The Mistake Bank is a place to share stories...
Transparency: The Key to Cloud Security
By George Reese, April 19, 2009
If your cloud provider refuses to answer any specific question about their security architecture related to your security requirements, run--don't walk--away from that vendor.
Four short links: 13 Apr 2009
By Nat Torkington, April 13, 2009
Worms, sorting, languages, and infrastructure: Twitter XSS Attacks (Lynne Pope) -- several incarnations of a worm spread quickly across Twitter this weekend. Twitter profiles are generated by themes, whose parameters users can change. The user-supplied value for the colour was used directly in the CSS color field without filtering, which the original worm strain used to end the CSS and...
Vidoop - the best password / captcha / security system on the web
By RJ Owen, April 11, 2009
Vidoop is a User Experience company focused on web security. They offer a set of products and services to provide security to web users and developers, but they take a unique approach to security that provides a much better experience to end users than normal password or captcha systems. Vidoop provides three main services, all of which are based on the same underlying technology and methodology. The services are:
Vidoop Secure - an all-around security portal for your web-based applications
myVidoop - a password manager for individual web users
Vidoop Captcha - a captcha system Vidoop advertises as being bot-proof, but not human-proof
I started using myVidoop for my own browsing / password needs about a month ago after seeing some of the team demo their service. I started off somewhat skeptical of the whole thing - do we really need another password management system? After about five minutes my skepticism died in the fiery glory of fan-boy fanaticism, and it hasn't died down since then. This service makes sense, and it actually works.
Is the European Union Finally Taking Cyber Security Seriously?
By Jeffrey Carr, April 3, 2009
After reading about the latest British concerns over cyber espionage activities occurring seemingly at will across its classified and unclassified networks, I was happy to read about this April 1, 2009 effort by the European Commission which included the following...
Hack in the Box (Dubai) 2009 / Psychotronic(a) / Hacking the Psyche
By Nitesh Dhanjani, March 30, 2009
I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009).
SWFScan - First Look
By Andrew Trice, March 24, 2009
I've seen several blog posts recently announcing SWFScan, a free tool from HP for decompiling and inspecting swf files for security vulnerabilities. In this post, we'll take a quick glance at what the tool can do for you.
Four short links: 16 Mar 2009
By Nat Torkington, March 16, 2009
Non-interop earphones with DRM, HVAC swarms, paperprints, and product constipation at GOOG: Apple iPod Shuffle (3rd gen) -- "Surprise: the only third-party headphones that will work are ones that haven’t even entered manufacturing yet, because they’ll need to contain yet another new Apple authentication chip, which will add to their price." It's interesting to see Apple prioritising the different interactions...
Four short links: 12 Mar 2009
By Nat Torkington, March 12, 2009
Programming language security, robot laws, open data platform, and telephony recharged: Languages and Security Reading (Ivan Krstić) -- I love his tripartite division of language security work, as it completely gels with my experience. 1. The “My name is Correctness, king of kings” people say that security problems are merely one manifestation of incorrectness, which is dissonance between what the...
Four short links: 11 Mar 2009
By Nat Torkington, March 11, 2009
Four ETech-related links, from your humble author who is following the action from afar: Criminals Are "Targeting Basic Blocks of the Internet" (Guardian) -- writeup of Alex Stamos's talk. "Basic infrastructure failure is what we're going to see over the next few years," he said. "The most interesting research is either taking things that we thought were unexploitable and exploiting...
Blame the Credit Card Franchise: Criminals on Amazon's EC2 (Elastic Compute) Cloud
By Nitesh Dhanjani, March 11, 2009
Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to halt.
A Rapidly Changing Threat Landscape
By Kathryn Barrett, March 3, 2009
We've heard it before: "gone are the days of script kiddies and teenagers out to wreak havoc just to show off." The late 1990s and early 2000s produced a staggering number of DoS attacks. Malware, the engine for the DoS attack, has progressed from simple programs that attack a single vulnerability to complex software that attacks multiple OS and application vulnerabilities. Read more of the following excerpt from Security Monitoring by Chris Fry and Martin Nystrom.
Document security and macros
By Rick Jelliffe, February 26, 2009
One of the big selling points of descriptive markup is that it is safe. If you use a binary format (or a macro-enabled file) you can have security problems. I think ODF needs to take a leaf out of OOXML's book here, and at least adopt the convention where the normal extensions must be opened by conforming applications with macros, scripts and events disabled. Security is so important that it should be part of ODF 1.2 rather than a next-generation ODF issue.
Gartner and the Pope
By Nitesh Dhanjani, February 24, 2009
The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because, besides the fact that a survey was conducted, it does not reveal the methodology used to arrive at the specific claims.
Four short links: 16 Feb 2009
By Nat Torkington, February 16, 2009
A lot of Python and databases today, with some hardware and Twitter pranking/security worries to taste: Free Telephony Project, Open Telephony Hardware -- professionally-designed mass-manufactured hardware for telephony projects. E.g., IP04 runs Asterisk and has four phone jacks and removable Flash storage. Software, schematics, and PCB files released under GPL v2 or later. Don't Click Prank Explained -- inside the...
Security in the Age of Social Networks
By Joshua-Michele Ross, February 6, 2009
Over the past four years we have seen an explosion in the volume of personally identifiable information (PII) online as social software and user generated content have allowed millions of people to create, manage and share their data in the cloud. While the rewards have been pretty clear (lower barriers to participation and collaboration) the risks have not been understood...