Monthly Archives: March 2010
I’m in ur 4sq, snarfin ur password — Part II
In Part 1 of this discussion on Foursquare’s mobile applications, I demonstrated how the Foursquare Android app utilizes HTTP basic authentication over plaintext HTTP. Another intriguing aspect of all of this comes in the form of a snippet from the Foursquare API documentation: For most methods, we require either Basic Authentication or OAuth Authentication. OAuth [...]
Trust Revisited
A long, long time ago, on a not so distant blog, I questioned the manner in which we make trust decisions regarding HTTPS enabled web sites. Yesterday, Sid Stamm and Christopher Soghoian published a very interesting paper that further explores problems with SSL PKI and the trusted CA model. Most recent SSL research has focused on [...]
RIM Security: Employer BES vs. Employee BIS – Part 1
RIM Security. BES vs BIS. It matters. – application rights management is a joke and isn’t useful at all.
Tattler: The Skype Un-Deleter
Tattler: The Skype Un-Delete power tool. Tattler lets you view edited and deleted messages.
Does the end user care about security? Do they have to?
Consequences. Or rather, experiencing the consequences… that can inspire change. A perfect example: most people I know who are serious and disciplined about regular system backups do it because they’ve been burned in the past. (I’ve been very good about it ever since I paid Ontrack 1400 dollars to recover an IBM Deathstar hard drive.) How [...]

