What is old will be new again
There has been a lot of focus this past week or so on session-token theft and IP restrictions to help mitigate stolen session tokens. I see that as a useful belt+suspenders approach right now - but I'm reminded that many years ago when we started making significant progress against phishing, attackers ...
The Journey to Universal HTTPS
Recently I was reading the book “The Box: How the Shipping Container Made the World Smaller and the World Economy Bigger”. I was struck by how many pieces and components had to fit together to achieve this big change, and ...
Whose credentials are they? Mine, or yours?
I've been spending a bunch of time lately thinking about usernames and passwords, and other types of credentials, and the concept of "ownership". When you get a credit card, on the back it typically says something like - "Your card is issued and serviced by XYZ Bank pursuant to a license from ...
Why do people expect so much more from mobile platforms?
Reading Veracode's recent post: Mobile Security – Android vs. iOS, which is an infographic comparing Android and iOS security, I'm left with a few questions, some of which I posted as a comment on their site. While the graphic does a good job of summarizing the notable differences between these two ...
Malware prevalence != Infection rates
There have been a number of presentations of late that have tried to document how end-users get infected with malware. Both Google's malware report and a recent report from CSIS purport to tell us how people get malware, based on what malware they detect most frequently online, and what exploits it ...
No Browser is an Island
Jeremiah wrote today about web browsers and opt-in security. I think he gets it mostly right (and hey, he pointed at a paper I co-authored so I'm biased) but I think it also misses the mark a little. Once upon a time there were only two major web browsers, and their ...