Salsa Scoop
tag: "blog:security"
This Blog Is a Phish for the No-Fly List
Submitted Fri Feb 01 2008 16:06:19 GMT-0500 (EST)
The TSA -- the very face of obnoxious, ineffective, ham-handed government to anyone with the misfortune of commercial air travel "in the wake of September 11" -- has launched a blog.
This'll be interesting.
Smarter folk than I find this promising, but it's hard to see where this is going, especially since the bloggers profess surprise at the torrential commentary.
What are the distinguishing characteristics of this institution that make it a good fit for this communications medium?
| | Blog | TSA |
| --- | --- | --- |
| Structure | Networked, sharing | Top-down, secretive |
| User's Alternatives | Goof off elsewhere | Hitchhike |
| Characteristic discourse | Questioning, conversational | Pettily dictatorial |
| Liquids allowed? | Downright encouraged | War on States of Matter continuing unabated |
| Punitive Measures Available | Troll-rating | Extraordinary rendition |
A Few Notes on Security
Submitted Fri Nov 16 2007 12:05:36 GMT-0500 (EST)
DIA competitor Convio suffered a major security breach that unfolded publicly last week, as many readers may know. This post is well past its immediate news cycle, but we've quite understandably been asked in light of that event about our own security procedures as well, and wanted to put them on the record.
For anyone unfamiliar with the story, the thumbnail version is that a compromised password enabled an intruder to download scores of Convio clients' lists ... and that those downloads included hundreds of thousands or millions of plain text (rather than encrypted) versions of ordinary users' passwords.
The NTEN blog summarizes the affair here. Allan Benamer's initial alert -- and accompanying comment thread -- have a lot more.
Any system could be hacked or compromised, of course; this is a risk all online providers face and strive to minimize -- we're doing the reflexive sympathetic wince over here that you do when someone on TV gets clobbered in a sensitive spot.
But beyond the initial intrusion, the compromised passwords are the real problem. Since many users re-use the same passwords across many different systems -- including financial presences such as online banking, PayPal, amazon.com and the like -- it's potentially hugely damaging.
So, most importantly for users of DemocracyInAction's Salsa platform: this particular aspect of the breach has not happened and could not happen in our system.
We use, and always have used, industry-standard one-way encryption algorithms to protect passwords for all users and campaign managers. Neither intruders nor organization administrators nor users themselves can ever actually see even their own password.
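To make the contrast between the two storage approaches concrete, here is an added example (not code from this post, and not DemocracyInAction's own implementation, whose algorithm the post does not name). It assumes PBKDF2-HMAC-SHA256 from Python's standard library with a random per-user salt; the record format `pbkdf2_sha256$iterations$salt$hash` and the sample user table are constructed for illustration. The point it demonstrates is the one made above: a stolen table of hashed records lets the server still verify logins, but neither an intruder nor an administrator can read the original passwords back out of it.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not stated on the page): PBKDF2-HMAC-SHA256, 16-byte random salt.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a one-way record for storage.

    Returns 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'. A fresh random
    salt is drawn unless one is supplied (supplying one is only useful for tests),
    so two users with the same password get different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest with the stored salt/iterations and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking where the mismatch occurs via timing.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def plaintext_exposed(user_table: dict, password: str) -> bool:
    """What an intruder learns from a dumped table: True if the password appears verbatim."""
    return any(password in stored for stored in user_table.values())


def build_tables(password: str):
    """Constructed sample: the same two users stored the unsafe way and the safe way."""
    plaintext_table = {"alice": password, "bob": password}
    hashed_table = {"alice": hash_password(password), "bob": hash_password(password)}
    return plaintext_table, hashed_table


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    plain, hashed = build_tables(pw)
    print("plaintext dump reveals password:", plaintext_exposed(plain, pw))   # True
    print("hashed dump reveals password:   ", plaintext_exposed(hashed, pw))  # False
    print("alice and bob share a record:   ", hashed["alice"] == hashed["bob"])  # False (salted)
    print("login with right password:      ", verify_password(pw, hashed["alice"]))  # True
    print("login with wrong password:      ", verify_password("hunter2", hashed["alice"]))  # False
```

The record stores its own iteration count, so the cost parameter can be raised later and old records re-hashed on the user's next successful login without breaking verification of existing ones.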