terriko: (Default)
Here's the 140-chars-or-less version of a link to my latest post at Geek Feminism


Barbie Becomes a Computer Engineer: http://ur1.ca/m6lo It is interminably weird to imagine Barbie as a potential coworker!
terriko: (Default)
Bank being sued for teaching customers bad security habits

Really short version: Turns out, it's a terrible idea to teach your customers bad habits.

Longer version: And by bad habits, we mean the digital equivalent of saying, "of course our agents hang out in dark alleys. You should totally go there and give your wallet to strangers if they ask."
terriko: (Default)
Another post to Web Insecurity. This one is pretty much explained by the title:


Amex thinks shorter passwords without special characters are more secure

I was working on a background section of my thesis proposal and was talking about how some misconceptions regarding security policies can result in web sites being a lot less secure. But [American Express] takes security misconceptions to a new low...


(Read the rest. And weep. Or laugh. It's pretty terrible.)
terriko: (Default)
This post is so short that I figured I might as well copy the whole thing from Web Insecurity. Sorry about the full duplicate!


Barcodes for breaches




Barcode: <script>alert("test")</script>

I'm highly amused by the XSS, SQL Injection and Fuzzing Barcode Cheat Sheet. Who knew security attacks could look almost... pretty? It's just standard XSS and SQL injection test code translated to bar codes, so they could be used as injection vectors. I know I've scanned codes to grab an app I want faster on my phone, and I'm seeing codes popping up in the free daily papers, which I find somewhat interesting given that early attempts to get people to use barcodes have met with commercial failure and ridicule. Oh well, it's all ok now that we have smartphones, right?

Anyhow. This is still an entertaining attack vector. Maybe governments (such as my own!) will ban bar codes as hacking tools next?

terriko: (Default)
I've rearranged my data feeds so I get more security news, and I'm finding I want to write a little bit about it, so I've resurrected WebInsecurity.net for the purpose of talking about recent security news. It's actually a nice warm-up exercise when I find myself having writer's block while I work on my thesis proposal. That's actually what I was hoping for when I started WebInsecurity.net, but then I found a lot of what I wanted to write should probably be in the proposal and it wasn't working so well as a change of pace. So time to reboot and try something easier to keep myself in good writing form.

So there will be new stuff at WebInsecurity.net and if you're so inclined, here's the webinsecurity.net RSS feed, or you can go use the fancy-schmancy subscribe buttons on the site itself. Edit: Oh, and there's webinsecurity_feed for the Dreamwidth folk! (Have I mentioned how much I love Dreamwidth lately?)

As most of these are just plain interesting, I'll probably post short summaries here too. So here's today's!


Web Insecurity: Credit card companies covering their ass(ets)
Exactly whose security does your credit card company have in mind? Here's a hint: It's probably not yours.

[B]asically, 3-D Secure [MasterCard SecureCode and Verified by Visa] provides economic security rather than technical security -- but not for you, the customer. It's providing extra security for the banks by passing the buck.

(Read more)