Internet and e-mail policy and practice
including Notes on Internet E-mail



13 Dec 2014

Can big companies stop being hacked? Internet

The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F. Chang's, Neiman Marcus, and no doubt other companies that haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations.

Systems are so complex that nobody understands them

This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? No, they were doing exactly what they'd been programmed to do.

See more ...


posted at: 16:00 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Internet/hopeless.trackback

24 May 2014

Why do we accept $10 security on $1,000,000 data? Internet

Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, addresses, and birth dates of eBay users, along with encrypted passwords. eBay suggests you change your password, which is likely a good idea, and you'd better also change it at every other place you used the same password. But that's not much help, since you can't change your name, address, and birth date, which are ever so handy for phishing and identity theft.

There is plenty not to like about the way that eBay handled it, but a more important question is why we tolerate big allegedly sophisticated companies treating our personal information so casually.

See more ...


posted at: 23:06 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Internet/badsec.trackback

13 Apr 2014

Open Source software is the worst kind except for all of the others Internet

Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad because OpenSSL is so widely used: it implements the secure part of https: secure web sites on many of the most popular web servers, such as Apache, nginx, and lighttpd.

A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. The problem is that writing and testing cryptographic software is really, really hard.

See more ...


posted at: 00:39 :: permanent link to this entry :: 3 comments
Trackback link is http://jl.ly/Internet/openssl.trackback

15 Mar 2014

The Name Collision Conference Internet
Earlier this week Verisign sponsored a two-day conference on name collisions in the DNS. Despite the very short time frame in which it was organized, only a month from announcement to meeting, there were some very good presentations. I'll just hit some highlights here; all of the papers and slides are on their web site at namecollisions.net.

See more ...


posted at: 13:06 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Internet/collide.trackback

15 Oct 2013

About those anonymous bitcoins Internet
Recent press reports say that Silk Road, an online marketplace for illegal goods, was shut down by the FBI, who seized the servers and about 26,000 bitcoins in multiple wallets. They also apparently have all of the site's records of transactions among about 4,000 sellers and 150,000 buyers. If you're one of these buyers or sellers, now what?

See more ...


posted at: 10:29 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Internet/btanon.trackback


© 2005-2014 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.