Archive for December, 2007

A Bit About DNS

The Domain Name System is generally taken for granted. You put in a name, like, and you get back an IP address (at the time of this post, The addresses change sometimes, but it just works. However, it’s taken for granted so often that sometimes big security consequences lurk within. I’m not going […]

attacks, networks

Flash and the Same-Origin Policy

Web browsers protect the user from attacks largely through the same-origin policy: any code from one web site (such as HTML pages or JavaScript) is not permitted to interact with any code from another web site. I can make a web page that embeds a Hotmail window in the middle of it (with an IFRAME), […]

attacks, risk

Anonymity with TOR and its limits

The post at the Unwired Video Blog about TOR has been getting a lot of publicity, having been linked to by both Lifehacker and Boing Boing. It provides a quick overview of TOR, how it works, and how to use it to browse the Web anonymously. This is a good thing; people using services like […]

anonymity, attacks, crypto

New Legislation: SAFE and PRO IP

There has been some controversy over two new security-related bills in the United States Congress right now: the SAFE Act and PRO IP. The SAFE Act (Secure Adolescents From Exploitation Online; another case where the acronym almost certainly came first) aims to protect children and teenagers from exploitation by increasing enforcement of child pornography laws. […]

dmca, legal, piracy, society

Securing Data at Rest with Cryptography

Over at Schneier on Security, Bruce Schneier has a post today about securing data on disk. Encryption is often sold as a panacea for all security problems — which it’s not — but keeping people from reading your data if they steal your laptop is one thing encryption is really good at, and it’s an […]

crypto, legal, passwords, products