28 April 2012 @ 12:37 pm
The iTunes music store will no longer let me buy music from them unless I fill out what they call "security questions". You know the kind: what was the first car you ever owned? What was the favorite of the cars you've owned? What was the least favorite? (These are all actual options and it lets you choose all three as your three security questions.) So anyone who knows enough about your personal history can impersonate you. For the record, I have owned a grand total of four cars, and I don't keep their brands secret from the world (for instance they've probably shown up in some of my photos).

These things always fall back to allowing you to reset your password and send you a temporary one by email, anyway. So fortunately it works to fill these things out with gibberish answers, knowing I won't remember them and nobody else will be able to guess them. I'm dreading the day when they put enough AI in the setup interface to require you to select actual makes of cars.

24 February 2010 @ 06:41 pm
Is it wrong of me to be worried about the interaction between pdf files as a frequently-exchanged medium of academic discourse, and pdf files as attack vectors, especially given rumors (later contradicted) that pdf vulnerabilities were involved in the recent Google/China spat? It would be bad if black hats figured out a way to infect the literature that we depend on. Maybe this means I should be more consistent about using my Kindle rather than my computer to view pdf files whenever I'm unsure of their provenance.

26 July 2007 @ 01:53 pm
Are you using https rather than unsecured http to connect to web mail accounts such as Gmail? You should be. Via Slashdot: unscrupulous ISPs are or will soon be paying attention not just to the sources and destinations of your internet traffic, but also to the content, reading your email and possibly even altering it. A bit of a scare piece but a good excuse to make sure you're taking reasonable precautions.

05 January 2007 @ 10:43 am
Feminism causes computer break-ins by preventing physicists from paying for their computer support. Or so Luboš Motl would have us believe. What's next, alternative theories to string theory causing cancer? Via NEW.

27 October 2006 @ 06:55 pm
I have some concerns about the viability of computer security as an academic subdiscipline of computer science in the USA after this incident: security researcher announces flaw in airport security, congressman calls for his arrest. Whether or not Soghoian's proof-of-concept boarding-pass-generator crossed some line, it does not seem possible to do security research in an atmosphere in which pointing out flaws in security is seen by the government as evildoing and an opportunity for grandstanding. Too soon to have an opinion on how meaningful this development and Soghoian's subsequent lack of communication is, though.

And of course, if security research withers in the US, the net effect will be simply that the expertise in that area will be located elsewhere...not necessarily a desirable outcome.

