Simon Willison’s Weblog

Items tagged security in Aug, 2007

Filters: Year: 2007 × Month: Aug × security ×

E-Voting Ballots Not Secret; Vendors Don’t See Problem. “You know things are bad when questions about a technical matter like security are answered by a public-relations firm.” # 20th August 2007, 3:19 pm

VeriSign’s SeatBelt OpenID plugin for Firefox. The first good example of browser integration for OpenID. It catches phishing attempts by watching out for rogue OpenID consumers that don’t redirect to the right place. # 17th August 2007, 5:37 pm

Bruce Schneier interviews Kip Hawley. The head of the Transportation Security Administration in conversation with one of his most eloquent critics. # 7th August 2007, 3:23 pm

DNS Pinning Explained. With diagrams. # 7th August 2007, 11:01 am

(somewhat) breaking the same-origin policy by undermining dns-pinning. This is the best technical explanation of the DNS rebinding attack I’ve seen. The linked demo worked for me in Safari but not in Camino. # 2nd August 2007, 12:53 pm

Your browser is a tcp/ip relay. Thoroughly nasty new(ish) attack that breaks the same-domain policy and allows intranet content to be stolen by a malicious site. Using virtual hosts (hence requiring the Host: header) is the best known protection. # 2nd August 2007, 12:53 pm

Side-Channel Attacks and Security Theatre. “In order to mount most of these attacks the attacker must be local [...] every good security person knows that if your attacker has the ability to run stuff on your machine, it is game over, so why are we even caring about these attacks?” # 2nd August 2007, 12:30 pm