If you thought the recent LinkedIn/eHarmony/LastFM password leak was troubling, just be glad you haven’t run into this, positively the most bizarre security warning available from gmail: We believe state-sponsored attackers may be attempting to compromise your account or computer. … Continue reading
I know patching massive and longstanding security holes doesn’t contribute to “developer fun”, but neither does living in a world where GitHub (and by extension every project that uses it) are vulnerable to direct exploitation: http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars One Russian coder (Egor … Continue reading
If we accept that account information is regularly and inevitably going to be exposed, as the litany of recent breaches suggests, the next question is how to design a system’s security to survive it. You can tell your users not … Continue reading
