Webapp security: Different DB permissions for different requests

January 12th, 2008

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?


Of LED art, suspicion, and a girl named Star

September 24th, 2007

Star Simpson, the 19-year-old arrested at Logan airport for having a "hoax device", is just another living, breathing, hoping, dreaming human, like you. Essentially, she was arrested for being an idealist, for not understanding that the people with the guns and the power see "different" as "dangerous".

The following was written by a friend of mine, who wishes to remain anonymous, but gave permission to share it.


When torrents bite back

September 19th, 2007

Four days ago, a group calling itself the "MediaDefender-Defenders" released a torrent pointing to 700 megabytes of corporate emails from MediaDefender, a company providing "BitTorrent protection services" to record labels and movie studios. The emails expose company strategy, confidential contracts, passwords and login information, lists of servers and IP addresses, and reactions to mentions of the company in the news. This post is a summary of recent events, along with a heaping of speculation as to what happened behind the scenes.


Open surveillance to the public

June 21st, 2007

My local paper, the Daily Progress, ran a story today about a proposal to install 30 security cameras on the Downtown Mall. I think there's a wrong way to do this, and a right way. I'll explain why the wrong way is wrong, and suggest a scheme that could lead to a right (or better) way.


Using Tor correctly: Anonymous browsing edition

October 21st, 2006

Tor is a popular system for sending Internet traffic anonymously. It is mainly used for three purposes: hiding one's identity, hiding the identity of the site one is visiting, and hiding the data that one is sending and receiving. However, using Tor without some basic precautions is worse than not using Tor at all, leading to privacy violations, data theft, and security concerns. Here, I cover browser security with respect to preventing identity and data leakage when using the Tor network. If you are only using it to defeat web filtering, feel free to read only the section called "Locking yourself down".

At the end is an executive summary. Use it as a guideline, but make sure to read this entire post first -- it contains important instructions on how to change your browsing habits.
