This is kl's TypePad Profile.
Join TypePad and start following kl's activity
kl
Recent Activity
That's non-sequitur.
Better on-line identity will not solve problem of unencrypted traffic. Any identity solution will be vulnerable unless:
Browser expects to get secure protocol and will refuse to fall back to an older one. Without this you can do MITM swapping new, secure protocol for old leaky one (e.g. replace Digest authentication with Basic auth).
Browser can verify identity of server using other/trusted communication channel (SSL does that by storing CA certificates offline). Without this you'll be securely sending your identity to an attacker spoofing a server.
All traffic has to be encrypted and tamper-proof. If you only protect identity, then attacker performing MITM can perform replay attack, change request parameters, steal data, etc. — you're still exposed to lot of risks.
Commented Nov 14, 2010 on Breaking the Web's Cookie Jar at Coding Horror
Breaking the Web's Cookie Jar
The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works: Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it. Install Firefox and the Firesheep add-in. W...
There is one "Mac AppStore" already: http://appbodega.com
It does support Sparkle. It's a bit slow and clunky though (feels like a webpage, not a native app).
Commented Oct 20, 2010 on How to Make an Open App Store on the Mac at dashes.com
How to Make an Open App Store on the Mac
Apple took the not-very-surprising step of announcing an App Store for Mac OS X, an idea I was ruminating about earlier today in looking at all the app stores available today. So, now that we know that it exists, how do people who are concerned about the openness of the Mac OS X
kl is now following The Typepad Team
Oct 20, 2010
Subscribe to kl’s Recent Activity
