Simon Willison’s Weblog

Atom feed for ben-laurie

5 posts tagged “ben-laurie”


Yahoo! yesterday launched their new development platform for My Yahoo! and Yahoo! Mail, which uses Caja to protect users from malicious gadgets. This means Caja suddenly got 275,000,000 users. Wow! I guess this makes Caja the most widely used capability language ever.

Ben Laurie

# 16th December 2008, 4:33 pm / caja, yahoo, ydn, ben-laurie, security, yahoomail

.. yet another ridiculous data breach: this time, people's passwords to the Government Gateway on a memory stick dropped in the road. Perhaps it is uncouth to point this out, but... if the system had been designed by people with any security clue whatsoever there would have been no passwords to put on a memory stick in the first place.

Ben Laurie

# 2nd November 2008, 1:04 pm / security, ben-laurie, passwords

Keyczar (via) New open source cryptography toolkit from Google, designed to get algorithm selection, key rotation and versioning right so you don’t have to. Java and Python versions are available; the Python version depends on PyCrypto.

# 13th August 2008, 1:20 pm / pycrypto, python, google, encryption, keyrotation, ben-laurie, java, keyczar


Configuring Apache httpd. Ben Laurie shows how to build up an Apache configuration file from first principles.

# 12th October 2007, 12:52 pm / apache, httpd, ben-laurie

Side-Channel Attacks and Security Theatre. “In order to mount most of these attacks the attacker must be local [...] every good security person knows that if your attacker has the ability to run stuff on your machine, it is game over, so why are we even caring about these attacks?”

# 2nd August 2007, 12:30 pm / ben-laurie, security, sidechannel, openssl, securitytheatre