Month: October 2010

User IDs – managing the mark of Cain

Facebook's latest privacy debacle was driven by their failure to properly manage user IDs. This is not a new problem area and as the EFF points out, Facebook has done this before. So while I don't know if Facebook will be interested in this post, those who care about protecting their user's privacy in an age of data sharing may want to have a look at the threats and defenses needed to share user IDs across sites. Securing user IDs isn't easy.

[Update 10/22/2010: Changed the title and intro and added three new sections at the end.]

Continue reading User IDs – managing the mark of Cain

11/2/2010 General Election Seattle, King County, Washington

It's voting time again. I still don't know why I bother. But here I am. Scroll down to see details about why I am voting the way I list.

  • Initiative Measure No. 1053 - No

  • Initiative Measure No. 1082 - No

  • Initiative Measure No. 1098 - No

  • Initiative Measure No. 1100 - No

  • Initiative Measure No. 1105 - No

  • Initiative Measure No. 1107 - No

  • Referendum Bill No. 52 - No

  • Amendment to the State Constitution Senate Joint Resolution No. 8225 - Yes

  • Amendment to the State Constitution Engrossed Substitute House Joint Resolution No. 4220 - No

  • Charter Amendment No. 1 Amendments to the Preamble - No

  • Charter Amendment No. 2 Amendment of Section 690 - Campaign Finance - Yes

  • Charter Amendment No. 3 Amendment of Section 890 and New Section 897 - Collective Bargaining - No

  • Proposition No. 1 Sales and Use Tax for Criminal Justice, Fire Protection, and Other Government Purposes - No

  • Seattle School District No. 1 Proposition No. 1 Supplemental Operations Levy - No

  • United States Senator - Patty Murray

  • United States Representative Congressional District No. 7 - Jim McDermott

  • State Representative Legislative District No. 46 - Position 2 - Phyllis G. Kenney

  • Seattle Municipal Court Judge Position No. 1 - Edsonya Charles

  • Seattle Municipal Court Judge Position No. 6 - Karen Donohue

  • State Supreme Court Justice Position No. 6 - Richard B. Sanders

Continue reading 11/2/2010 General Election Seattle, King County, Washington

OAuth 2.0 Bearer tokens – unsafe at any speed?

Eran's latest article raises a number of specific security threats by way of arguing that bearer tokens are irredeemably insecure. In this article I examine the attacks Eran calls out and demonstrate that they are already addressed by OAuth 2.0. Eran's article does bring up the interesting question of - do we need defense in depth for the tamper resistance and confidentiality provided by SSL/TLS?

Continue reading OAuth 2.0 Bearer tokens – unsafe at any speed?