There has been a lot of focus the week on so on session-token theft and IP restrictions to help mitigate stolen session tokens. I see that as a useful belt+suspenders approach right ...

 There has been a lot of focus the week on so on session-token theft and IP restrictions to help mitigate stolen session tokens. I see that as a useful belt+suspenders approach right ...

I've been spending a bunch of time lately thinking about usernames and passwords, and other types of credentials, and concept of "ownership". When you get a credit card, on the back it ...

I've been spending a bunch of time lately thinking about usernames and passwords, and other types of credentials, and concept of "ownership".When you get a credit card, on the back it typically ...

Reading Veracode's recent post: Mobile Security – Android vs. iOS, which is an infographic comparing Android and iOS security, I'm left with a few questions, some of which I posted as a ...

Reading Veracode's recent post: Mobile Security – Android vs. iOS, which is an infographic comparing Android and iOS security, I'm left with a few questions, some of which I posted as a ...

There have been a number of presentations of late that have tried to document howend-users get infected with malware.Both Google's malware report and a recent report from CSIS purport to tell us ...

There have been a number of presentations of late that have tried to document howend-users get infected with malware.Both Google's malware report and a recent report from CSIS purport to tell us ...

Jeremiah wrote today about web browsers and opt-in security. I think he gets it mostly right (and hey, he pointed at a paper I co-authored so I'm biased) but I think it ...

It is poll time. Doing a little planning and trying to figure out what people view as the biggest architectural weaknesses on the web security wise. I'm mainly focused on things within ...