NMandelbrot : running arbitrary code on client

As part of my grand plan for map-reduce in JavaScript and zero-install distributed computing, I had to think about how to gain user trust in a security context where we don’t trust the server. I couldn’t come up with a good answer. Since then, we’ve seen stories of malicious JavaScript installed to mine cryptocurrencies, we …

How much data can you lose before you’re in trouble?

Ransomware is a very aggressive attack. Whilst many espionage operations are about sneaking in and copying data without your knowledge, ransomware hits you over the head with a hammer to let you know you’ve lost your data. It’s not theft, it’s extortion. The big pro is that at least you know you’ve been breached, and …

Your API sucks : security

Pop quiz time. You are given the following example URL to GET as an example of making a payment from your application. How many things here would make you back away slowly before setting the server farm on fire? http://www.example.com/api/pay?cardnumber=1234123412341234&ccv=1234&expirymonth=12&expiryyear=12&amountinpence=123456 So you complain it’s unsecured and they come back with an upgrade, so you need …