A history lesson from Vint Cerf. I can’t help but picture him as The Architect in The Matrix Reloaded.
When Tim Berners-Lee invented and released the World Wide Web (WWW) design in late 1991, he found an open and receptive internet in operation onto which the WWW could be placed. The WWW design, like the design of the internet, was very open and encouraged a growing cadre of self-taught webmasters to develop content and applications.
A clear explanation of the current state of homomorphic encryption.
I concur completely with Luke’s assessment here. Most password-masking on the web is just security theatre. Displaying password inputs by default (but with an option to hide) should be the norm.
Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.
Possibly the least imaginative concept video ever made, this piece commissioned by Blackberry shows a dystopian near-future ruled by security departments run by people with very, very tired arms.
Dana has put together an excellent grab-bag of data on people’s password habits.
This is the stuff James Bond stories are made of. Except in this case, the fortress exists to store data rather than criminal masterminds.
Metallic ink-printed undershirts and underwear. For Americans who wish to assert their rights without saying a word.
Leonard has some handy tips for protecting yourself against Firesheep and its ilk.
Mozilla aims to plug the :visited/getComputedStyle bug/feature.
Another interesting take on assigning a visual clue to password fields.
Here's an interesting idea: generating a sparkline when you input a password ...familiarity with the generated sparkline acts as a visual aid to the user.
And this, boys and girls, is why the password anti-pattern is bad, m'kay?
A thoughtful post from Ben on how the flow of OAuth, OpenID and Facebook Connect can be improved.
Clever or creepy? You decide.
Twitter's promotion of the password anti-pattern bites them on the ass.
This looks like being an excellentâ€”and freeâ€”resource "...meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers."
"Facebook has rolled out an identity system â€” Facebook Connect â€” with a slick UI that trains a gazillion tech-naÃ¯ve users to slap their identity credentials into any old website."
The slides from Simon's excellent full-length presentation at the head conference. Every web developer needs to be aware of these issues.
I never thought I'd find myself linking to and agreeing with a post on TechC*nt but it's good to see somebody pointing out Facebook's hypocrisy with using the password anti-pattern.
Fullscreen mode for Flash movies could be used to totally freak people out. Here's how.
An excellent article that explodes the ludicrous myth that terrorists like to go around taking pictures of potential targets so therefore photographers are dangerous.
A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.
I must remember to allow plenty of time at the airport when I'm leaving San Francisco.
An excellent piece of research that shows how Facebook affiliates' cross-site scripting (Beacon) sends information back to the mothership regardless of whether the user has opted out.
Leisa joins in on the password anti-pattern. As she says, this is a question of ethics. I've already made my position clear to my colleagues and clients. Have you?
The ORG turn a Newsnight interview into hypertext, thereby strengthening the message exponentially.
Yes, you have to be a bit of a database geek to find this funny but if you are, this is very funny indeed.
An interesting product designed to catch the thieves after your Macbook gets stolen.
A few ideas for security questions that had me laughing out loud.
I know what I want for Christmas.
Looks like Google is getting into the WiFi game.