Getting rid of passwords

I hate passwords. Seems like several smart people are on the case of getting rid of the “password”. Lucas Gonze argues the loss of meaning around design of user authentication mechanisms. A world without passwords! How will we identify each other? Exchange tokens. Make “forgot password” the default. Passwords are the new pay-wall. A non-violent protest against the cruel overlord — the “password”. Justin Balthrop calls for a boycott. Several alternatives to identify users — promoting password-less login in your apps. Eran Hammer — OAuth founder — gave up on OAuth 2.0. (An old link). Tim Bray didn’t take kindly to that post. Ahh IETF! You can grind the smartest minds to pulp. :)

July 14, 2014 · 1 min · Shivanand Velmurugan

How to apologize to your users

There has been an increase in security breaches this year. This past week, two services I use were compromised - Tumblr and Apple Developer Connection. Both services informed me of the security breach, and one made me feel like they cared, and the other one didn’t. Perhaps I am reading too much into this, but at the very least, it illustrates how important language is, in conveying how much we care. Apple’s mail is clear, concise and inspires confidence in their ability to take care of my information. They state the purpose of this communication, tell me what they did about it, and what they were going to do to fix it in the future. Update: Apparently, it was a whitehat security guy doing his thing. ...

July 21, 2013 · 2 min · Shivanand Velmurugan

Two-factor authentication and spicy salmon sashimi don

For the last few months I’ve been annoyed. Two or three times a week, I get a flurry of emails from Facebook and Twitter claiming that I reset my password. Sounds like a first-world problem? It is. However, I have 4 emails linked to my Facebook account and one to my Twitter account. I get on average 15-20 mails a week, and I dutifully disavow each one of them. Then, this happens. It scares the hell out of me, but I procrastinate. After a good two weeks, and 40 mails later, I’ve finally caved, and enabled it. Now, it’s practically impossible to hack my account. Password + token to access from any new device, and I can remotely revoke access to any device I lose. ...

August 23, 2012 · 1 min · Shivanand Velmurugan

MS Vs Apple: Which is more secure?

Marius Oiaga of Softpedia News argues that Windows Vista is more secure than Mac OSX, on the grounds that there are more security patches for Mac OSX in a 1 month period. Now, how naive is that?!! Developers at Microsoft are probably just catching their breaths after years of trying to get Windows Vista out of the “window” (excuse the pun). Now, why is Mac OSX more secure than Windows? Well, you never need to run as administrator (root, in Unix speak) to get all applications to work efficiently. Since it is based on BSD Unix (FreeBSD), Mac OSX’s architecture is definitely much more secure. Also, take into account the fact that there are only 6% of users on Mac OSX, and hence it proves to be a very unlikely target for security breaches. ...

March 17, 2007 · 1 min · Shivanand Velmurugan

Crap on TV - Is that even news?!

Yesterday, I was watching an interview with Mr Ankit Wadia (His website describes him as “The Computer Security guru. The Ethical Hacker. The Author. The Intelligence Consultant. The Entrepreneur.”) He was talking about how the web is insecure today and how easy it is to crack passwords. Whilst I was eagerly waiting in anticipation to see how he would hack into a Yahoo password, he pulled a bluff on me, when he asked the presenter to enter his password and then he went about using Revelation to read the password from it! ...

February 1, 2007 · 2 min · Shivanand Velmurugan