Links Tagged With “security” (Show All Items Tagged With “security”)

Inside the Attack that Crippled Revision3

Bookmarked via Ma.gnolia on Thursday, May 29, 2008 @ 11:17 CDT by Daniel Andrlik

Over Memorial Day weekend, Revision3’s servers were brought down beneath the weight of a Denial of Service attack. The culprit? None other than MediaDefender, an anti-piracy service that specializes in disrupting P2P traffic.

Apparently, MediaDefender was abusing Revision3’s BitTorrent tracker (which they use to distribute legal copies of their own shows) by “injecting a broad array of torrents into [Revision3’s] tracking server.” When Revision3 deauthorized those torrents, MediaDefender’s servers “initiated a flood of SYN packets attempting to reconnect to the files,” approximately 8,000 packets per second according to Revision3’s logs. MediaDefender claims that this was not an attack aimed at Revision3, but a natural consequence of losing contact with the torrents they had improperly injected into Revision3’s tracking server.

DoS attacks are illegal, and even if this wasn’t a targeted attack, you would think MediaDefender would still be liable for any financial losses Revision3 suffered as a result of the attack, as well as illicit profits MediaDefender earned through the unauthorized use of their server. However, I am not a lawyer. I’m hoping that Revision3 will take action, because this is really just the tip of the iceberg for MediaDefender, and they need to be brought in line.


Strong passwords no panacea as SSH brute-force attacks rise

Bookmarked via Ma.gnolia on Thursday, May 15, 2008 @ 08:42 CDT by Daniel Andrlik

Okay, if you still have your box configured to allow remote logins as “root”, then you deserve anything you get. Otherwise, start using strong passphrases (not a password; those are too easy), or, if you can swing it with your workflow, use an SSH key rather than a password login. It’s less convenient in some ways, but it’s worth your time. Honestly, I’m a little behind here, as I’ve intended to switch more of my systems over to private keys for a while now, but on half of them I still log in with a username and a strong passphrase.

Also, while we’re at it, a reminder that security through obscurity doesn’t work in the long run. You can cut down the noise from automated attacks by running ssh on a non-standard port, but don’t mistake that for a long-term solution. If someone wants in, they will find the ssh port, so it’s up to you to get the rest of your security in order.

This all goes for you Apple folks too.

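As an added example (not code from the linked article or from this blog), here is a small POSIX shell audit for the two sshd settings the post calls out: root login and password authentication. It relies on the documented sshd_config rule that the first uncommented occurrence of a keyword wins, ignores `Match` blocks (an assumption that keeps it short; a real audit would inspect them too), and treats an unset `PermitRootLogin` as weak because older sshd releases defaulted it to `yes`. Both sample configs are constructed for the demonstration; the "weak" one also shows the moved-port trick the post dismisses, which the audit deliberately does not count as a control.

```shell
#!/bin/sh
# Added example, not from the bookmarked article: audit an sshd_config for
# PermitRootLogin and PasswordAuthentication. Sample configs are constructed.

# Print the effective value of a directive. sshd uses the FIRST uncommented
# occurrence of a keyword, so stop at the first match. Match blocks are
# ignored here (assumption for brevity); a real audit would inspect them.
sshd_directive() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 when root login and password authentication are both disabled,
# 1 otherwise, printing one line per weak setting. Port changes are not
# considered a control, so Port is not checked at all.
audit_sshd_config() {
    cfg="$1"
    weak=0
    root=$(sshd_directive "$cfg" PermitRootLogin)
    pw=$(sshd_directive "$cfg" PasswordAuthentication)
    case "$root" in
        no) ;;
        "") echo "PermitRootLogin not set (older sshd defaults to yes)"; weak=1 ;;
        *)  echo "PermitRootLogin is '$root', should be no"; weak=1 ;;
    esac
    case "$pw" in
        no) ;;
        "") echo "PasswordAuthentication not set (defaults to yes)"; weak=1 ;;
        *)  echo "PasswordAuthentication is '$pw', should be no"; weak=1 ;;
    esac
    return "$weak"
}

# Constructed sample configs: a stock-looking one and a hardened one.
TMP=$(mktemp -d)
WEAK_CFG="$TMP/sshd_config.weak"
HARD_CFG="$TMP/sshd_config.hardened"

cat > "$WEAK_CFG" <<'EOF'
# Moving the port only cuts down on automated noise; it is not a control.
Port 2222
#PermitRootLogin no
PasswordAuthentication yes
EOF

cat > "$HARD_CFG" <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== $f"
    if audit_sshd_config "$f"; then echo "ok: key-only, no root login"; else echo "WEAK"; fi
done
```

Run it against a real file with `audit_sshd_config /etc/ssh/sshd_config` after sourcing the functions; the exit status makes it usable from a cron job or a configuration check.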

OAuth support for Google Accounts and Contacts API

Bookmarked via Ma.gnolia on Saturday, April 26, 2008 @ 09:00 CDT by Daniel Andrlik

Google now supports OAuth: Sweet!


Coding Horror: Your Session Has Timed Out

Bookmarked via Ma.gnolia on Wednesday, April 16, 2008 @ 11:15 CDT by Daniel Andrlik

This is an interesting post by Jeff Atwood on how programmers should handle session expiration in their applications. I particularly like his explanation of why session expiration occurs:

“The HTTP protocol that the web is built on is stateless. That means every individual request your browser sends to a web server is a newborn babe, cruelly born into a world that is utterly and completely oblivious to its existence.” :-)


Does what happen in Facebook stay in Facebook?

Bookmarked via Ma.gnolia on Saturday, April 12, 2008 @ 07:46 CDT by Daniel Andrlik

OK, this video from 2006 may be a little overblown, but conspiracy theories aside there are some questions worth asking here. Particularly when you consider the connections the author draws between some of Facebook’s investors. We’re not talking just about marketing firms here, we’re talking about CIA and DARPA. It’s a little tin-foil hat, but come on, in a country where something like the Total Information Awareness Project can be proposed by our defense department, anything is possible.

The video is well done so I will forgive the author the constant errors of referring to Facebook as “the Facebook” and asking the audience “do you have a Facebook?” :-)


OAuth Discovery 1.0 Draft 2 released with support from Ma.gnolia, Fire Eagle and Satisfaction

Bookmarked via Ma.gnolia on Wednesday, April 9, 2008 @ 10:07 CDT by Daniel Andrlik

“OAuth Discovery, simply, is an extensible, machine-readable format for identifying OAuth-protected resources and service endpoints. Take a look at the provided example or Ma.gnolia’s actual discovery profile to get an idea for what these documents look like.”

OAuth = Awesome-sauce


Introducing the Google Contacts Data API

Bookmarked via Ma.gnolia on Thursday, March 6, 2008 @ 21:39 CST by Daniel Andrlik

Finally, Google has provided a secure way of accessing contact information from a Google account. I for one will be happy to no longer have to hand my password over to a third party to access my account data. It’s also nice to have a standardized way of getting that data that does not depend on screen scraping.

Kudos to Google for releasing this much needed API!


Bootable flash key makes disk encryption attacks super-simple - Engadget

Bookmarked via Ma.gnolia on Tuesday, March 4, 2008 @ 10:43 CST by Daniel Andrlik

Security cat is sad.

Don’t leave your laptop sitting there, and if you turn it off, wait a bit before walking away.


Lest We Remember: Cold Boot Attacks on Encryption Keys

Bookmarked via Ma.gnolia on Thursday, February 21, 2008 @ 16:07 CST by Daniel Andrlik

Via Boing Boing:

This is definitely not good. Don’t leave your encrypted laptop on or suspended in public, kids! Also, if you aren’t at least encrypting your /home directory (or wherever you keep your personal files), congrats on earning the EPIC FAIL.


TrustBearer Labs Releases Secure OpenID Service

Bookmarked via Ma.gnolia on Thursday, February 14, 2008 @ 14:36 CST by Daniel Andrlik

TrustBearer is now providing an OpenID service that is also linked to physical USB security keys, or even to biometrics like a fingerprint. A very cool extra layer to OpenID security.

