Articles in the Privacy & Security Category

Internet, Privacy & Security »

[ | 23 Mar 2011 | 6 Comments | ]
Comodo compromise demonstrates need for DNSSec migration

Comodo, a company you probably never heard of which holds one of the many master keys to the Internet’s SSL X.509 Public Key Infrastructure (PKI) system, admitted that their root certificate authorities have been compromised by attackers.  Those attackers issued themselves SSL certificates for seven companies including Google, Skype, and Yahoo so they can fully masquerade [...]

Privacy & Security »

[ | 15 Mar 2011 | One Comment | ]
Twitter adds HTTPS mode, but no HTTPS sign-in

Twitter is responding to mounting pressure after some high profile account compromises by allowing customers to opt-in to always-on secure HTTPS SSL mode.  Unfortunately, I doubt most people will go to the trouble of opting in by going to the security settings.  Since HTTPS is virtually cost-free to operate continuously for websites that already support HTTPS, Twitter [...]

Privacy & Security »

[ | 3 Mar 2011 | 2 Comments | ]
Ashton Kutcher meets Firesheep, twitter hacked

It appears that Ashton Kutcher has become a high-profile victim of Twitter’s negligence when someone at the TED conference hijacked Kutcher’s Twitter account using tools like Firesheep. The Twitter PR account @TwitterGlobalPR tweeted that Kutcher should have enabled SSL by typing HTTPS in front of twitter.com, but that deflects from the fact that it’s [...]

Digital Insight, Privacy & Security »

[ | 28 Feb 2011 | 5 Comments | ]
Someone in DC cares about online security

I’ve been hammering popular online services like Facebook and Twitter for months for utterly weak efforts to protect consumers so I was pleased to hear that Senator Chuck Schumer has joined the fight. Some of the worst online services in my online security report card were served letters by Senator Schumer asking them to turn SSL security on by default.

Privacy & Security »

[ | 4 Feb 2011 | 8 Comments | ]
Facebook HTTPS now works but forgot SSL authentication

Facebook’s new full SSL feature finally works three years after it became widely known that Facebook user accounts were easily hijacked. Unfortunately, their update still won’t fully protect Facebook users because Facebook forgot to deploy HTTPS authentication on the user login page.

Privacy & Security, Research »

[ | 3 Feb 2011 | One Comment | ]
Research: Do Not Track

Hillicon Valley reports that Rep. Jackie Speier (D-CA) will introduce legislation dealing with online privacy next week. The legislation will provide an “opt out” for individuals that do not want to allow advertisers to track them.

Privacy & Security, Research »

[ | 1 Feb 2011 | 3 Comments | ]
Three Concerns on Facebook’s Coming Comment System

Athima Chansanchai has an expanded report on CNET’s Caroline McCarthy’s story on Facebook’s move to take over the Internet’s commenting systems.

Digital Insight, Privacy & Security »

[ | 26 Jan 2011 | 6 Comments | ]
Facebook finally adds HTTPS, but still broken

Facebook announced that they’ve finally added secure web browsing for Facebook 2 months after the release of the Firesheep tool that made it trivially easy to hack Facebook accounts.  That prompted me to give them an “F” in security which was widely cited in the media.  But there are some major problems with this update [...]

Privacy & Security »

[ | 21 Jan 2011 | One Comment | ]
Did Microsoft Offer PS3 Hacker Win7 Phone To Thwart Piracy?

Microsoft attempts to recruit iPhone and PS3 hacker George Hotz as a “developer”.

Privacy & Security, Research »

[ | 13 Sep 2010 | One Comment | ]
Research: I Can Stalk U

The ICanStalkU.com website was created in 2010 by Jackson, Pesce, and Mayhemic Labs to show individuals information that they may inadvertently be sharing online and that they normally would not share because of privacy concerns.