These are my links for May 18th:

  • Is Facebook Working on a Recommendation Technology? – The heck with "if you like that, you'll like this" service. What about, if "you trust so-and-so, I might want to know / trust so-and-so too"? The socialnet needs a reputation system.
  • Privacy Risks Get Real – California Privacy Laws, Octomom, and Kaiser Permanente – Not a surprise, really. I remember a scary discussion I had with a consultant with Kaiser Permanente (emperor forever? really? seriously stupid name, sorry I digress). We were discussing their implementation of PKI and he joked about how terribly they had implemented "securing" of the private keys. They were stored in LDAP… wait for it… in the clear! I of course have no way to verify if this was true, but enough of the other details of their implementation rang true to indicate the consultant and his sidekick knew of what they spoke.

    Remember, you can implement great security all day long, do it badly and be even worse off than when you started because others will act on the belief that it IS more secure, when it isn't.

  • Facebook hit by phishers again – Yup. FB and all other socialnet sites need to step up to a strong authentication model.
  • Linked Data is Blooming: Why You Should Care – Related to my post: "Tim Berners-Lee next big thing?" Interesting stuff, but just like HTTP, without any security or access control infrastructure.
  • Are Your "Secret Questions" Too Easily Answered? (Robert Lemos/Technology Review) – OK, so good to see that this issue is finally getting a bit more coverage. Certainly, chatting with real world implementers of Q&A reveals that this is a hot topic and Q&A is a big problem both for protecting against compromise and in not driving end-users nuts when they forget their answers.

    I have ideas of course for those implementing Q&A, but that'll cost you a live sales conversation to get those. For those of us on the end-user side, I recommend getting some type of field filling / remembering product (I use RoboForm) and using it to generate and remember 1) strong passwords and 2) answers to questions. Heck, I just reuse RoboForm's "Generate Password" feature to generate the answers. No one is ever going to guess the answer to "Your favorite baseball team?" is: i%2q5$SN4$AG. RoboForm or your equivalent software tool of choice will.

    Oh, and be sure to encrypt your "password remembering" files with something other than a password (I recommend TrueCrypt). Also never, never, ever use the built-in password remembering functions of your browser.

© 2012 Who is Hahleq? Suffusion theme by Sayontan Sinha