security

security

Your Session Has Timed Out

How many times have you returned to your web browser to be greeted by this unpleasant little notification:

> Your session has timed out. Please sign in again.

If you're anything like me, the answer is lots. What's worse is that you're usually kicked

By Jeff Atwood

programming languages

Core War: Two Programs Enter, One Program Leaves

Our old pal A. K. Dewdney first introduced the world to Core War in a series of Scientific American articles starting in 1984. (Full page scans of the articles, including the illustrations, are also available.) Core War was inspired by a story I heard some years ago about a mischievous

By Jeff Atwood

privacy

A Question of Programming Ethics

From the ACM Code of Ethics [http://www.acm.org/about/code-of-ethics]:

> As an ACM member I will
>
> 1. Contribute to society and human well-being.
> 2. Avoid harm to others.
> 3. Be honest and trustworthy.
> 4. Be fair and take action not to discriminate.
> 5. Honor property rights including

By Jeff Atwood

security

CAPTCHA is Dead, Long Live CAPTCHA!

In November 2007 I called these three CAPTCHA implementations "unbreakable":

* Google (unbreakable)
* Hotmail (unbreakable)
* Yahoo (unbreakable)

2008 is shaping up to be a very bad year indeed for CAPTCHAs:

* Jan 17: InformationWeek reports Yahoo CAPTCHA broken
* Feb 6: Websense reports Hotmail CAPTCHA broken
* Feb 22: Websense reports Google

By Jeff Atwood

security

The Dramatic Password Reveal

As far back as I can remember-- which admittedly isn't very far-- GUI toolkits have included a special type of text entry field for passwords. As you type, the password field displays a generic character, usually a dot or asterisk, instead of the character you actually typed. I

By Jeff Atwood

security

Digital Certificates: Do They Work?

The most obvious badge of internet security is the "lock" icon. The lock indicates that the website is backed by a digital certificate:

1. This website is the real deal, not a fake set up by criminals to fool you.
2. All data between your browser and that

By Jeff Atwood

security

Software Registration Keys

Software is digital through and through, and yet there's one unavoidable aspect of software installation that remains thoroughly analog: entering the registration key. The aggravation is intentional. Unique registration keys exist only to prevent piracy. Like all piracy solutions-- short of completely server hosted applications and games, where

By Jeff Atwood

security

Blacklists Don't Work

Jon Galloway and I got into a heated debate a few weeks ago about the efficacy of anti-virus software. My position is that anti-virus software sucks, and worst of all, it doesn't work anyway. That's what I've been saying all along, and it'

By Jeff Atwood

security

Don't Forget To Lock Your Computer

I encourage my coworkers to lock their computers. Security, after all, is everyone's business. But often gentle encouragement is not enough. Sometimes, more.. persuasive methods are necessary. I first learned about the noble art of goating from Omar Shahine: We have this problem in Hotmail. If you

By Jeff Atwood

security

Hardware Assisted Brute Force Attacks: Still For Dummies

Evidently hardware assisted brute force password cracking has arrived: A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community. Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of

By Jeff Atwood

security

You're Probably Storing Passwords Incorrectly

The web is nothing if not a maze of user accounts and logins. Almost everywhere you go on the web requires yet another new set of credentials. Unified login seems to elude us at the moment, so the status quo is an explosion of usernames and passwords for every user.

By Jeff Atwood