Category Archives: Computer Security

Oracle (née Sun) joins the club of companies who can’t keep their mailing lists secure

In September 2009, I registered as a developer at sun.com. When doing so, I used a tagged email address, i.e., an email address part of which was unique to my registration at that site. I’ve never used that particular email address anywhere else or published it anywhere. In January 2010, Oracle completed its acquisition of… Read More: Oracle (née Sun) joins the club of companies who can’t… »

Mysterious identity thief uses my email address to create Skype account

As I previously reported, somebody has been interacting with Web sites using my email address. I suspect that in addition to the ones I know about, this individual is probably also doing things that I don’t know about, because I assume that not all the web sites at which he’s using my address are kind enough… Read More: Mysterious identity thief uses my email address to create Skype… »

A study in contrasts: handling stolen email lists

I try to make a habit of giving out “tagged” email addresses to web sites when I sign up for accounts / mailing lists / whatever. For example, when creating an account at widgets.com, instead of just signing up as “jik@kamens.us”, I might sign up as “jik+widgets@kamens.us”. It ends up in the same mailbox regardless,… Read More: A study in contrasts: handling stolen email lists »

Astroturf for (or against?) Obama

An interesting comment showed up a few hours ago on an earlier blog posting of mine about Barack Obama: “Just wanted to say that I am eployed at a large Pharmaceutical company in Clayton NC and I support Barack Obama with all my heart. I would love for all my friends and colleagues to re-elect… Read More: Astroturf for (or against?) Obama »

The wrong way to be a good samaritan

You’ve probably heard by now (the party line from Gawker, an a much more comprehensive analysis from Forbes) that a huge database of Gawker Media usernames and (poorly) encrypted passwords was recently stolen, and that the thieves published the stolen data for anyone in the world to download, and that the thieves managed to crack… Read More: The wrong way to be a good samaritan »

Supposed SysAdmin & Network Security experts don’t know how to run a secure Web site

Yesterday, I decided I wanted to unsubscribe from one of the e-newsletters published by SANS, which bills itself as, “the most trusted source for computer security training, certification and research.” There were no instructions in the e-newsletter for how to unsubscribe, so I went to their Web site. It told me that I had to… Read More: Supposed SysAdmin & Network Security experts don’t know how to… »