Heartbleed: Should I Change My Password?

The web is rife with recommendations that users change their passwords following a catastrophic bug in the widely used cryptography suite OpenSSL. So the question is, should you change your password?

The short answer is: Maybe?

This particular security hole is scary because we have no way of knowing whether ...

more ...

Securing User Content In The Javascriptable Web

My latest blog post appeared on O’Reilly Media’s programming blog.

Recent work by a W3 Working Group plans to expose many powerful cryptographic operations for web applications. Although the planned API adds much needed functionality to JavaScript, it doesn’t address the JavaScript runtime’s terrible security properties ...

more ...

Cryptographic Thinking

Advocates for a national DNA identity database won a major victory with the Supreme Court’s recent decision to permit the routine collection and storage of DNA data. Justice Anthony M. Kennedy wrote for the majority,

When officers make an arrest supported by probable cause to hold for a serious ...

more ...