<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (vielmetti)</title>
    <link>https://pinboard.in/u:vielmetti/public/</link>
    <description>recent bookmarks from vielmetti</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="http://jeffq.com/blog/the-ethernet-pause-frame/"/>
	<rdf:li rdf:resource="https://www.eclypsium.com/"/>
	<rdf:li rdf:resource="https://freedom-to-tinker.com/2018/04/11/routing-attacks-on-internet-services/"/>
	<rdf:li rdf:resource="https://github.com/golang/go/issues/23672"/>
	<rdf:li rdf:resource="http://www.computerworld.com/article/3048189/cybercrime-hacking/vnc-roulette-prepare-to-be-hacked-if-you-dont-use-a-password-for-vnc.html"/>
	<rdf:li rdf:resource="http://www.mit.edu/~avp/lqcd/ssh-vnc.html"/>
	<rdf:li rdf:resource="http://www.courier-journal.com/story/news/2017/04/10/video-shows-man-forcibly-removed-united-flight-chicago-louisville/100274374/"/>
	<rdf:li rdf:resource="https://github.com/jopohl/urh"/>
	<rdf:li rdf:resource="http://dl.acm.org/citation.cfm?id=3029832"/>
	<rdf:li rdf:resource="https://blog.acolyer.org/2017/04/03/a-study-of-security-vulnerabilities-on-docker-hub/"/>
	<rdf:li rdf:resource="https://github.com/docker/docker/issues/32109"/>
	<rdf:li rdf:resource="http://www.usatoday.com/story/tech/news/2016/02/24/nissan-disables-app-hacked-electric-leaf-smart-phone-troy-hunt/80882756/"/>
	<rdf:li rdf:resource="http://radicalnetworks.org/participate/"/>
	<rdf:li rdf:resource="http://www.wired.com/2014/05/iot-report/?mbid=social_fb"/>
	<rdf:li rdf:resource="http://www.ohio.com/news/break-news/akron-s-website-might-not-be-completely-restored-for-months-1.405932"/>
	<rdf:li rdf:resource="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt"/>
	<rdf:li rdf:resource="http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead"/>
	<rdf:li rdf:resource="http://gawker.com/5740744/"/>
	<rdf:li rdf:resource="http://blogs.mcclatchydc.com/law/2011/01/epic-tries-and-fails-to-see-secret-whole-body-scanning-images.html"/>
	<rdf:li rdf:resource="http://www.zoneminder.com/"/>
	<rdf:li rdf:resource="http://arbsec.org/"/>
	<rdf:li rdf:resource="http://www.steike.com/code/spotify-vs-ollydbg/"/>
	<rdf:li rdf:resource="http://www.securitymetrics.org/content/attach/Welcome_blogentry_010806_1/keynote_bellovin.txt"/>
	<rdf:li rdf:resource="http://www.hackingscada.com/"/>
	<rdf:li rdf:resource="http://www.win.tue.nl/hashclash/rogue-ca/"/>
	<rdf:li rdf:resource="http://stephensonstrategies.com/directory-of-major-blog-posts/10-21st-century-disaster-prep-tips-you-wont-get-from-government/"/>
	<rdf:li rdf:resource="http://mobileactive.org/wiki/Mobile_Surveillance-A_Primer"/>
	<rdf:li rdf:resource="http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-security-report/"/>
	<rdf:li rdf:resource="http://threatchaos.com/?p=281"/>
	<rdf:li rdf:resource="http://www.emergentchaos.com/"/>
	<rdf:li rdf:resource="http://mike.teczno.com/notes/openid-again.html"/>
	<rdf:li rdf:resource="http://neosmart.net/blog/2008/google-doesnt-use-openid/"/>
	<rdf:li rdf:resource="http://www.achangeiscoming.net/docs/cssocsci.html"/>
	<rdf:li rdf:resource="http://insecure.org/stf/tcp-dos-attack-explained.html"/>
	<rdf:li rdf:resource="http://teddziuba.com/2008/09/openid-is-why-i-hate-the-inter.html"/>
	<rdf:li rdf:resource="http://www.democracynow.org/blog/2008/9/1/amy_goodman_and_two_democracy_now_producers_unlawfully_arrested_at_the_rnc"/>
	<rdf:li rdf:resource="https://wiki.mozilla.org/Labs/Ubiquity/Ubiquity_0.1_Author_Tutorial"/>
	<rdf:li rdf:resource="http://www.theregister.co.uk/2008/07/30/debra_bowen_usenix_keynote/"/>
	<rdf:li rdf:resource="http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0320"/>
	<rdf:li rdf:resource="http://news.cnet.com/8301-13578_3-10004646-38.html"/>
	<rdf:li rdf:resource="http://www.provos.org/index.php?/pages/dnstest.html"/>
	<rdf:li rdf:resource="http://code.google.com/p/ratproxy/"/>
	<rdf:li rdf:resource="http://wordpress.org/development/2008/02/wordpress-233/"/>
	<rdf:li rdf:resource="http://www.wired.com/politics/security/commentary/securitymatters/2007/12/securitymatters_1213"/>
	<rdf:li rdf:resource="http://securitydigest.org/phage/bydate"/>
	<rdf:li rdf:resource="http://www.zwire.com/site/news.cfm?newsid=19018393&amp;BRD=985&amp;PAG=461&amp;dept_id=161556&amp;rfi=6"/>
	<rdf:li rdf:resource="http://www.flickr.com/photos/rosefirerising/2004550752/"/>
	<rdf:li rdf:resource="http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/"/>
	<rdf:li rdf:resource="http://theharmonyguy.com/"/>
	<rdf:li rdf:resource="http://openid.net/pipermail/general/2007-January/001260.html"/>
	<rdf:li rdf:resource="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9043418"/>
	<rdf:li rdf:resource="http://www.thespanner.co.uk/2007/10/17/openid-account-security/"/>
	<rdf:li rdf:resource="http://ttlnews.blogspot.com/2007/10/outstanding-issues-with-openid-and-tips.html"/>
	<rdf:li rdf:resource="http://www.links.org/?p=188"/>
	<rdf:li rdf:resource="http://www.links.org/?p=187"/>
	<rdf:li rdf:resource="http://www.idcorner.org/?p=161"/>
	<rdf:li rdf:resource="http://www.xmlgrrl.com/blog/archives/2007/09/21/sun-openid-idp-protocol-and-implementation-review/"/>
	<rdf:li rdf:resource="http://googleonlinesecurity.blogspot.com/2007/07/reason-behind-were-sorry-message.html"/>
	<rdf:li rdf:resource="http://www.gnucitizen.org/blog/searching-for-evil"/>
	<rdf:li rdf:resource="http://planet-websecurity.org/Mozilla+Says+%22Ten+Fucking+Days%22/"/>
	<rdf:li rdf:resource="http://planet-websecurity.org/Congratulation!+You%E2%80%99ve+been+nominated+for+a+Pwnie+Award./"/>
	<rdf:li rdf:resource="http://www.networkworld.com/news/2007/073007-ietf-qa.html"/>
	<rdf:li rdf:resource="http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/"/>
	<rdf:li rdf:resource="http://mezzoblue.com/archives/2007/06/05/unsettling/"/>
	<rdf:li rdf:resource="http://mikeg.typepad.com/perceptions/2007/04/corporate_data_.html"/>
	<rdf:li rdf:resource="http://www.oscandy.com/hacking/454-dreamhost-hosting-platform-hacked"/>
	<rdf:li rdf:resource="http://www.newscientisttech.com/channel/tech/mg19426026.000-web-browsers-are-new-frontline-in-internet-war.html"/>
	<rdf:li rdf:resource="http://news.bbc.co.uk/2/hi/technology/6526851.stm"/>
	<rdf:li rdf:resource="http://google.brand.edgar-online.com/fetchFilingFrameset.aspx?FilingID=5062935&amp;Type=HTML"/>
	<rdf:li rdf:resource="http://www.fcw.com/article96438-10-16-06-Print"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="http://jeffq.com/blog/the-ethernet-pause-frame/">
    <title>Obscure Ethernet for $200 please, Alex: The Ethernet PAUSE frame – jeffq, published</title>
    <dc:date>2019-01-22T21:29:43+00:00</dc:date>
    <link>http://jeffq.com/blog/the-ethernet-pause-frame/</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>ethernet network networking security pause network-down</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:1752539c3724/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ethernet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:network"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:networking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:pause"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:network-down"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.eclypsium.com/">
    <title>Eclypsium</title>
    <dc:date>2018-04-30T18:20:06+00:00</dc:date>
    <link>https://www.eclypsium.com/</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>firmware chipsec infosec security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:e4d609324555/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:firmware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:chipsec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://freedom-to-tinker.com/2018/04/11/routing-attacks-on-internet-services/">
    <title>Routing Attacks on Internet Services</title>
    <dc:date>2018-04-14T21:12:15+00:00</dc:date>
    <link>https://freedom-to-tinker.com/2018/04/11/routing-attacks-on-internet-services/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The emergence of routing attacks on anonymity systems, Internet domain validation, and cryptocurrencies showcases that conventional wisdom has significantly underestimated the attack surface introduced due to the insecurity of Internet routing. It is imperative for critical Internet applications to be aware of the insecurity of Internet routing, and analyze the resulting security threats.

Given the vulnerabilities in Internet routing, applications should consider domain specific defense mechanisms for enhancing user security and privacy. Examples include our Counter-RAPTOR analytics for Tor and Multiple vantage point defense for domain validation). We hope that our work, and the research discussed above is an enabler for this vision.

While it is important to design and deploy application-specific defenses for protecting our systems against routing attacks that exploit current insecure Internet infrastructure, it is even more important to rethink the status quo of insecure routing protocols. Our ultimate goal ought to be to fundamentally eliminate the insecurity in today’s Internet routing protocols by moving towards the adoption of secure countermeasures. How do we drive this change?]]></description>
<dc:subject>internet security privacy routing bgp via:cdzombak</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:b74c0a42e3f4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:routing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:bgp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:via:cdzombak"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/golang/go/issues/23672">
    <title>cmd/go: arbitrary code execution during “go get” · Issue #23672 · golang/go</title>
    <dc:date>2018-02-09T01:14:59+00:00</dc:date>
    <link>https://github.com/golang/go/issues/23672</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[When cgo is enabled, the build step during “go get” invokes the host C compiler, gcc or clang, adding compiler flags specified in the Go source files. Both gcc and clang support a plugin mechanism in which a shared-library plugin is loaded into the compiler, as directed by compiler flags. This means that a Go package repository can contain an attack.so file along with a Go source file that says (for example) // #cgo CFLAGS: -fplugin=attack.so, causing the attack plugin to be loaded into the host C compiler during the build. Gcc and clang plugins are completely unrestricted in their access to the host system.

Thanks to Christopher Brown of Mattermost for reporting this problem.

This issue is CVE-2018-6574.]]></description>
<dc:subject>golang go security cve</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:586667aae54b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:golang"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:go"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:cve"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.computerworld.com/article/3048189/cybercrime-hacking/vnc-roulette-prepare-to-be-hacked-if-you-dont-use-a-password-for-vnc.html">
    <title>VNC Roulette: Prepare to be hacked if you don't use a password for VNC | Computerworld</title>
    <dc:date>2017-06-14T19:34:24+00:00</dc:date>
    <link>http://www.computerworld.com/article/3048189/cybercrime-hacking/vnc-roulette-prepare-to-be-hacked-if-you-dont-use-a-password-for-vnc.html</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>vnc security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:b40ee1fc9545/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:vnc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.mit.edu/~avp/lqcd/ssh-vnc.html">
    <title>Securing VNC with SSH</title>
    <dc:date>2017-06-14T19:33:54+00:00</dc:date>
    <link>http://www.mit.edu/~avp/lqcd/ssh-vnc.html</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>vnc ssh security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:cdeb40068df7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:vnc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ssh"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.courier-journal.com/story/news/2017/04/10/video-shows-man-forcibly-removed-united-flight-chicago-louisville/100274374/">
    <title>Video shows man forcibly removed from United flight from Chicago to Louisville</title>
    <dc:date>2017-04-10T16:50:29+00:00</dc:date>
    <link>http://www.courier-journal.com/story/news/2017/04/10/video-shows-man-forcibly-removed-united-flight-chicago-louisville/100274374/</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>united security video united-breaks-guitars</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:5144ddddb3b8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:united"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:video"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:united-breaks-guitars"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/jopohl/urh">
    <title>jopohl/urh: Universal Radio Hacker: investigate wireless protocols like a boss</title>
    <dc:date>2017-04-07T05:55:42+00:00</dc:date>
    <link>https://github.com/jopohl/urh</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[security
signal-processing
wireless
iot
sdr
hacking]]></description>
<dc:subject>security signal-processing wireless iot sdr hacking python</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:28179167b72a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:signal-processing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:wireless"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:iot"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:sdr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:python"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://dl.acm.org/citation.cfm?id=3029832">
    <title>A Study of Security Vulnerabilities on Docker Hub</title>
    <dc:date>2017-04-05T02:22:54+00:00</dc:date>
    <link>http://dl.acm.org/citation.cfm?id=3029832</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Docker containers have recently become a popular approach to provision multiple applications over shared physical hosts in a more lightweight fashion than traditional virtual machines. This popularity has led to the creation of the Docker Hub registry, which distributes a large number of official and community images. In this paper, we study the state of security vulnerabilities in Docker Hub images. We create a scalable Docker image vulnerability analysis (DIVA) framework that automatically discovers, downloads, and analyzes both official and community images on Docker Hub. Using our framework, we have studied 356,218 images and made the following findings: (1) both official and community images contain more than 180 vulnerabilities on average when considering all versions; (2) many images have not been updated for hundreds of days; and (3) vulnerabilities commonly propagate from parent images to child images. These findings demonstrate a strong need for more automated and systematic methods of applying security updates to Docker images and our current Docker image analysis framework provides a good foundation for such automatic security update.

]]></description>
<dc:subject>ncsu security infosec docker dockerhub containers software-supply-chain</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:d3ca3d448b8f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ncsu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:docker"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dockerhub"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:containers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:software-supply-chain"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.acolyer.org/2017/04/03/a-study-of-security-vulnerabilities-on-docker-hub/">
    <title>A study of security vulnerabilities on Docker Hub | the morning paper</title>
    <dc:date>2017-04-04T02:43:54+00:00</dc:date>
    <link>https://blog.acolyer.org/2017/04/03/a-study-of-security-vulnerabilities-on-docker-hub/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[RT @adriancolyer: On the need for stronger software supply chain management: a Docker Hub case study.  ]]></description>
<dc:subject>dockerhub security docker software-supply-chain</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:a13607c19fd2/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dockerhub"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:docker"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:software-supply-chain"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/docker/docker/issues/32109">
    <title>aarch64 make deb fails 17.03.x · Issue #32109 · docker/docker</title>
    <dc:date>2017-04-03T17:49:36+00:00</dc:date>
    <link>https://github.com/docker/docker/issues/32109</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>ubuntu xenial security docker build broken</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:88147c6a2525/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ubuntu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:xenial"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:docker"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:build"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:broken"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.usatoday.com/story/tech/news/2016/02/24/nissan-disables-app-hacked-electric-leaf-smart-phone-troy-hunt/80882756/">
    <title>Nissan Leaf app deactivated because it's hackable</title>
    <dc:date>2016-02-25T10:54:37+00:00</dc:date>
    <link>http://www.usatoday.com/story/tech/news/2016/02/24/nissan-disables-app-hacked-electric-leaf-smart-phone-troy-hunt/80882756/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[All you needed was the VIN ... Nissan Leaf app deactivated because it's hackable  @usatoday #security #IoT]]></description>
<dc:subject>security IoT</dc:subject>
<dc:source>https://twitter.com/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:ec427de7649d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:IoT"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://radicalnetworks.org/participate/">
    <title>Participate</title>
    <dc:date>2015-08-15T01:26:49+00:00</dc:date>
    <link>http://radicalnetworks.org/participate/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[RT @beatricemartini: .@RadNetworks Conference call for proposals: open until August 15! Join & share!  #networks #offline #mesh #security]]></description>
<dc:subject>mesh security offline networks</dc:subject>
<dc:source>https://twitter.com/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:ead8875d6794/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:mesh"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:offline"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:networks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/2014/05/iot-report/?mbid=social_fb">
    <title>Why Tech’s Best Minds Are Very Worried About the Internet of Things | Enterprise | WIRED</title>
    <dc:date>2014-07-21T02:10:58+00:00</dc:date>
    <link>http://www.wired.com/2014/05/iot-report/?mbid=social_fb</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[RT @michaelyoungSTL: “Most of the devices exposed on the internet will be vulnerable,” says @jerrymichalski. #security #internetofthings ]]></description>
<dc:subject>security internetofthings</dc:subject>
<dc:source>https://twitter.com/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:41f810ebfdef/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:internetofthings"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.ohio.com/news/break-news/akron-s-website-might-not-be-completely-restored-for-months-1.405932">
    <title>Akron’s website might not be completely restored for months - Break News - Ohio</title>
    <dc:date>2013-06-15T03:40:14+00:00</dc:date>
    <link>http://www.ohio.com/news/break-news/akron-s-website-might-not-be-completely-restored-for-months-1.405932</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[RT @MattH: “What we are trying to do is what you might call ‘security by obscurity,’' -Rick Schmahl, Akron OH Chief Info Officer ]]></description>
<dc:subject>akron-ohio security infosec security-by-obscurity</dc:subject>
<dc:source>https://twitter.com/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:1fb502f7d334/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:akron-ohio"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security-by-obscurity"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt">
    <title>Critical SSH Backdoor in multiple Barracuda Networks Products</title>
    <dc:date>2013-01-25T15:40:13+00:00</dc:date>
    <link>https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Several undocumented operating system user accounts exist on the appliance.
]]></description>
<dc:subject>barracuda security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:776e529a2703/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:barracuda"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead">
    <title>ongoing by Tim Bray · On the Deadness of OAuth 2</title>
    <dc:date>2012-07-31T04:28:53+00:00</dc:date>
    <link>http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA["pomo Web π.0 hipsters"; "Standards-making is a boring, bureaucratic, unpleasant process, infested by difficult people and psychopathic institutions."]]></description>
<dc:subject>architecture ietf security tbray standards web-pi-point-o</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:8d93b023ee8c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:architecture"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ietf"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tbray"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:standards"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:web-pi-point-o"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://gawker.com/5740744/">
    <title>You Can Buy Illegal Access to U.S. Military Websites for $500</title>
    <dc:date>2011-01-23T02:42:40+00:00</dc:date>
    <link>http://gawker.com/5740744/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[I'm going to go for the bargain and hack the State of Michigan and have some real fun. Ha! Try to find yourself on the hand now, Michiganders! 
]]></description>
<dc:subject>michigan-gov security infosec talk-to-the-mitten</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:58858d15bfcf/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:michigan-gov"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:talk-to-the-mitten"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blogs.mcclatchydc.com/law/2011/01/epic-tries-and-fails-to-see-secret-whole-body-scanning-images.html">
    <title>McClatchy blog: Suits &amp; Sentences</title>
    <dc:date>2011-01-13T02:18:57+00:00</dc:date>
    <link>http://blogs.mcclatchydc.com/law/2011/01/epic-tries-and-fails-to-see-secret-whole-body-scanning-images.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[This is an interesting case on the FOIA frontier, the boundary between privacy and new security technologies.

EPIC, in its 2009 FOIA requests, sought among other things "all unfiltered or unobscured images captured using body scanning technologies." The Department of Homeland Security coughed up 1,766 pages of documents but withheld the 2,000 images apparently taken during training. The images, federal officials said, showed "various threat objects dispersed over the bodies."



Read more: http://blogs.mcclatchydc.com/law/2011/01/epic-tries-and-fails-to-see-secret-whole-body-scanning-images.html#ixzz1AsUHYqyU]]></description>
<dc:subject>foia privacy security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:a41affe90628/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:foia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.zoneminder.com/">
    <title>ZoneMinder: Linux Home CCTV and Video Camera Security with Motion Detection</title>
    <dc:date>2010-02-25T16:10:41+00:00</dc:date>
    <link>http://www.zoneminder.com/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Welcome to ZoneMinder.com, home of ZoneMinder the top Linux video camera security and surveillance solution. ZoneMinder is intended for use in single or multi-camera video security applications, including commercial or home CCTV, theft prevention and child, family member or home monitoring and other domestic care scenarios such as nanny cam installations. It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a Linux system. ZoneMinder also support web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a DIY home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols. If you're looking for a low cost CCTV system or a more flexible alternative to cheap DVR systems then why not give ZoneMinder a try?

]]></description>
<dc:subject>linux surveillance security cctv</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:b0ebd0f20d11/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:cctv"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arbsec.org/">
    <title>ARBSEC - Ann Arbor Security Meetup</title>
    <dc:date>2010-02-02T19:42:19+00:00</dc:date>
    <link>http://arbsec.org/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[ARBSEC is the first Wednesday of every month. Unlike other meetups, you will not be expected to pay dues, "join up", or present a zero-day exploit to attend.

]]></description>
<dc:subject>arbsec annarbor security infosec meetup first-wednesday</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:vielmetti/b:feb58825154b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:arbsec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:annarbor"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:meetup"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:first-wednesday"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.steike.com/code/spotify-vs-ollydbg/">
    <title>Spotify vs OllyDbg</title>
    <dc:date>2009-05-27T19:36:17+00:00</dc:date>
    <link>http://www.steike.com/code/spotify-vs-ollydbg/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[introducing the "medusa float", the number which when rounded crashes your debugger, providing a measure of copy protection.

2^63 - 0.5 = 111111111111111111111111111111111111111111111111111111111111111.1
]]></description>
<dc:subject>security programming hacking reverseengineering ollydbg spotify debugger assembly debugging medusa-float</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:0260331cb06c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:programming"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:reverseengineering"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ollydbg"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:spotify"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:debugger"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:assembly"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:debugging"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:medusa-float"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.securitymetrics.org/content/attach/Welcome_blogentry_010806_1/keynote_bellovin.txt">
    <title>On the Brittleness of Software and the Infeasibility of Security Metrics</title>
    <dc:date>2009-01-04T21:15:53+00:00</dc:date>
    <link>http://www.securitymetrics.org/content/attach/Welcome_blogentry_010806_1/keynote_bellovin.txt</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[I've sometimes quoted Lord Kelvin:

``If you can not measure it, you can not improve it.''

``When you can measure what you are speaking about, and
express it in numbers, you know something about it; but
when you cannot measure it, when you cannot express it in
numbers, your knowledge is of a meagre and unsatisfactory
kind; it may be the beginning of knowledge, but you have
scarcely in your thoughts advanced to the state of *Science*,
whatever the matter may be.''

But I've reluctantly concluded that current architectures are not
amenable to metrics of the sort I want.  Here's why.
]]></description>
<dc:subject>metrics security to-measure-is-to-destroy</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:9f4d25a46abc/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:metrics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:to-measure-is-to-destroy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.hackingscada.com/">
    <title>Hacking SCADA: Industrial Network Security From the Mind of the Attacker</title>
    <dc:date>2009-01-02T02:16:06+00:00</dc:date>
    <link>http://www.hackingscada.com/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Hacking SCADA takes an evolutionary leap into Industrial Network Security by examining SCADA systems and networks from a hacker's point of view in an effort to help fix the root of the problem, and not just "treat the symptoms." It takes an in depth look at the vulnerabilities and solutions in a way that other standards and best practices guidelines fall short.
]]></description>
<dc:subject>books hacking scada security</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:4c40600944d0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:books"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:scada"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.win.tue.nl/hashclash/rogue-ca/">
    <title>MD5 considered harmful today</title>
    <dc:date>2009-01-01T05:47:52+00:00</dc:date>
    <link>http://www.win.tue.nl/hashclash/rogue-ca/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[paper detailing collision attack on md5 + sequence number attack on ssl certs = complete man in the middle attack on https
]]></description>
<dc:subject>md5 25c3 security ssl mitm https</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:11235f492d38/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:md5"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:25c3"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:mitm"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:https"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://stephensonstrategies.com/directory-of-major-blog-posts/10-21st-century-disaster-prep-tips-you-wont-get-from-government/">
    <title>21st-century disaster prep tips you won't get from officials at Stephenson blogs on homeland security 2.0 et al.</title>
    <dc:date>2008-11-15T22:18:51+00:00</dc:date>
    <link>http://stephensonstrategies.com/directory-of-major-blog-posts/10-21st-century-disaster-prep-tips-you-wont-get-from-government/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The advent of 21st century personal communications devices and services, particularly camera phones with GPS capability, GPS devices in your car, P2P software such as mesh networking, or social networking services, mean that it’s now feasible to have two-way sharing of real-time, location-based information that could save your life in a crisis.You won’t find these tips about how to capitalize on those devices and applications on Ready.gov, or other federal, state, and/or local preparedness sites. In some cases it’s because the services described below are private sector ones that government agencies can’t endorse.
]]></description>
<dc:subject>howto web2.0 technology security collaboration emergency disaster communications preparedness survival</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:a774d95c34a4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:howto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:web2.0"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:technology"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:collaboration"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:emergency"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:disaster"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:communications"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:preparedness"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:survival"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://mobileactive.org/wiki/Mobile_Surveillance-A_Primer">
    <title>Mobile Surveillance-A Primer - MobileActive Wiki</title>
    <dc:date>2008-11-11T19:59:29+00:00</dc:date>
    <link>http://mobileactive.org/wiki/Mobile_Surveillance-A_Primer</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[With cameras, GPS, mobile Internet come ever more dangerous surveillance possibilities, allowing an observer, once they have succeeded in gaining control of the phone, to turn it into a sophisticated recording device. However, even a simple phone can be tracked whenever it is on the network, and calls and text messages are far from private. Where surveillance is undertaken in collusion with the network operator, both the content of the communication and the identities of the parties involved is able to be discovered, sometimes even retrospectively. It is also possible to surreptitiously install software on phones on the network, potentially gaining access to any records stored on the phone.
]]></description>
<dc:subject>internet mobile security privacy surveillance i'll-be-watching-you</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:430ed4e1ed87/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:i'll-be-watching-you"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-security-report/">
    <title>2008 Internet Security Report | Security to the Core | Arbor Networks Security</title>
    <dc:date>2008-11-11T18:58:03+00:00</dc:date>
    <link>http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-security-report/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Finally, the surveyed ISPs also said their vendor infrastructure equipment continues to lack key security features (like capacity for large ACL lists) and suffers from poor configuration management and a near complete absence of IPv6 security features. While most ISPs now have the infrastructure to detect bandwidth flood attacks, many still lack the ability to rapidly mitigate these attacks. Only a fraction of surveyed ISPs said they have the capability to mitigate DDoS attacks in 10 minutes or less. Even fewer providers have the infrastructure to defend against service-level attacks or this year’s reported peak of a 40 gigabit flood attack.
]]></description>
<dc:subject>internet security ddos opsec netsec infosec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:2e36bad30895/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ddos"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:opsec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:netsec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://threatchaos.com/?p=281">
    <title>Threatchaos relaunches! | ThreatChaos</title>
    <dc:date>2008-11-07T20:22:43+00:00</dc:date>
    <link>http://threatchaos.com/?p=281</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[But, a blog buried within Network World’s community is hard to find so as of today I am re-launching threatchaos.com.   With complete control over the technology I use and the features I develop this site will quickly become a valauble resource to the entire IT security industry.    In addition to my daily blog posts I will be retaining people to help with news coverage.  I am also embarking on several video ventures that will show up here.
]]></description>
<dc:subject>infosec stiennon richard threatchaos security blog relaunch</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:bb568cb592d6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:stiennon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:richard"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:threatchaos"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:blog"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:relaunch"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.emergentchaos.com/">
    <title>Emergent Chaos: The Emergent Chaos Jazz Combo of the Blogosphere</title>
    <dc:date>2008-11-06T15:16:04+00:00</dc:date>
    <link>http://www.emergentchaos.com/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[good reliable security blog
]]></description>
<dc:subject>blog security infosec finsec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:6274b063baac/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:blog"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:finsec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://mike.teczno.com/notes/openid-again.html">
    <title>more against openID (tecznotes)</title>
    <dc:date>2008-10-30T15:29:11+00:00</dc:date>
    <link>http://mike.teczno.com/notes/openid-again.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The ridiculous thing about OpenID is that it has no value unless loads of people buy in, which I assume is why there have been so many "we will support OpenID mumble-mumble" announcements in recent months. If it gains any traction at all, it's going to be just like the consumer credit system without all that pesky government oversight getting you a free personal report once a year and going after abusers. It's a cute technical approach to a big, hairy social status quo, and I'm sitting here writing a big-ass diatribe about it because I don't want to find myself forced into signing up for a SomeBigCo account two years from now and getting all my shit stolen or sold, ChoicePoint-style.
]]></description>
<dc:subject>security rant openid privacy identity openid-sesame authentication</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:446ff785d089/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:rant"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid-sesame"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:authentication"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://neosmart.net/blog/2008/google-doesnt-use-openid/">
    <title>Google Abandons Standards, Forks OpenID — The NeoSmart Files</title>
    <dc:date>2008-10-30T15:26:58+00:00</dc:date>
    <link>http://neosmart.net/blog/2008/google-doesnt-use-openid/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[OpenID is on tenterhooks as it is, and cannot withstand any more efforts to splinter its adoption. Never mind the fact that almost all the big names adopting OpenID are joining only as providers and not as relying parties (rendering the whole basis of OpenID useless) – now even the provider side of things is chaos.
]]></description>
<dc:subject>google technology security authentication identity standards tenterhooks the-tentacles-of-identity openid</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:e307e0d276e7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:technology"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:authentication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:standards"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tenterhooks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:the-tentacles-of-identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.achangeiscoming.net/docs/cssocsci.html">
    <title>Computer science is really a social science</title>
    <dc:date>2008-10-14T18:07:11+00:00</dc:date>
    <link>http://www.achangeiscoming.net/docs/cssocsci.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[I first remember making this suggestion (somewhat in jest) to Andreas Zeller during a conversation at ISSTA 2000: my response to yet another outbreak of the "math vs. physics" debate was "we don't want to admit it, but we should really be debating whether we're more like sociologists or economists". He noted that he sees himself more as a 19th century 'naturalist" -- in particular, observational as well as experimental, a view that I tend to think of as compatible.   A visit by across-disciplinary group from CMU to Microsoft Research sometime in 2002 was a key step towards making me believe that maybe I wasn't joking.  Since then, discussions with many people helped refine these ideas and led me to conclude that they are ready toair; I would especially like to thank Jeannette Wing, Jeff Wallace, Mike Howard, Window Snyder, Pierre de Vries for the "consilient" viewpoint, Tony Hoare, Butler Lampson, Mary Shaw, Dan Gillmor, Cornell West
]]></description>
<dc:subject>security computing economics sociology</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:283e66d63783/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:computing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:economics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:sociology"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://insecure.org/stf/tcp-dos-attack-explained.html">
    <title>Outpost24's TCP DOS Attack Explained</title>
    <dc:date>2008-10-05T20:15:59+00:00</dc:date>
    <link>http://insecure.org/stf/tcp-dos-attack-explained.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[1.  send SYN 2. victim sends SYN-ACK 3. filter out SYN-ACK from your machine's TCP stack 4.  send ACK from userland 5. ??? 6. PROFIT!@!@!
]]></description>
<dc:subject>marketing security pr hacking tcp fun-with-state-machines via:adulau</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:74b0ffb7c691/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:marketing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:pr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tcp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:fun-with-state-machines"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:via:adulau"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://teddziuba.com/2008/09/openid-is-why-i-hate-the-inter.html">
    <title>OpenID Is Why I Hate The Internet - Ted Dziuba</title>
    <dc:date>2008-09-02T14:14:06+00:00</dc:date>
    <link>http://teddziuba.com/2008/09/openid-is-why-i-hate-the-inter.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Everything was all well and good until I had to figure out how to use OpenID.  I've been watching the development of this shit from the sidelines for a while (well, if reading something about OpenID blah blah blah on TechCrunch and saying, aw, that's cute, then getting back to work counts).  I understand the problem that OpenID is trying to solve, but the approach is way too, uh, how to put this, San Francisco.
]]></description>
<dc:subject>web usability openid security san-francisco-style-internet-design techcrunch blah-blah-blah</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:d3c5d9d58993/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:usability"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:san-francisco-style-internet-design"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:techcrunch"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:blah-blah-blah"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.democracynow.org/blog/2008/9/1/amy_goodman_and_two_democracy_now_producers_unlawfully_arrested_at_the_rnc">
    <title>Democracy Now! | Amy Goodman and Two Democracy Now! Producers Unlawfully Arrested At the RNC</title>
    <dc:date>2008-09-02T01:46:45+00:00</dc:date>
    <link>http://www.democracynow.org/blog/2008/9/1/amy_goodman_and_two_democracy_now_producers_unlawfully_arrested_at_the_rnc</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[ST. PAUL, MN—Democracy Now! host Amy Goodman was unlawfully arrested in downtown St. Paul, Minnesota at approximately 5 p.m. local time. Police violently manhandled Goodman, yanking her arm, as they arrested her. Video of her arrest can be seen here: http://www.youtube.com/watch?v=oYjyvkR0bGQ  Goodman was arrested while attempting to free two Democracy Now! producers who were being unlawfuly detained. They are Sharif Abdel Kouddous and Nicole Salazar. Kouddous and Salazar were arrested while they carried out their journalistic duties in covering street demonstrations at the Republican National Convention. Goodman’s crime appears to have been defending her colleagues and the freedom of the press.
]]></description>
<dc:subject>security media journalism minnesota youtube democracy-now goodman amy</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:e8eaf35610d3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:media"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:journalism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:minnesota"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:youtube"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:democracy-now"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:goodman"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:amy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://wiki.mozilla.org/Labs/Ubiquity/Ubiquity_0.1_Author_Tutorial">
    <title>Labs/Ubiquity/Ubiquity 0.1 Author Tutorial - MozillaWiki</title>
    <dc:date>2008-08-28T14:51:43+00:00</dc:date>
    <link>https://wiki.mozilla.org/Labs/Ubiquity/Ubiquity_0.1_Author_Tutorial</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[If the user chooses to subscribe to a command from an untrusted source, they will get a security warning message before they can install the command. (And in Ubiquity 0.1, ALL sources are considered untrusted, so don't take it personally!) Because Ubiquity commands can execute arbitrary javascript with chrome privileges, subscribing to a command from a website means allowing that site full access to do whatever it wants to your browser. We want to make sure people understand the dangers before subscribing to commands, so we made the warning page pretty scary.
]]></description>
<dc:subject>ubiquity trust security trust-me-pleez firefox security-model absence-of-a-security-model chrome javascript infection-vector</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:20fdb50cca86/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ubiquity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:trust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:trust-me-pleez"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:firefox"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security-model"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:absence-of-a-security-model"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:javascript"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infection-vector"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.theregister.co.uk/2008/07/30/debra_bowen_usenix_keynote/">
    <title>Dr. Strangevote saves mankind with Luddite voting recipe | The Register</title>
    <dc:date>2008-08-04T17:20:50+00:00</dc:date>
    <link>http://www.theregister.co.uk/2008/07/30/debra_bowen_usenix_keynote/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[When it comes to elections, California Secretary of State Debra Bowen opts for blander, more traditional technologies, and that preference is helping her sleep better at night.
Speaking Wednesday at the Usenix Security Symposium in San Jose, California, the state's top elections official laid out a decidedly low-tech approach for ensuring that each voter's ballot is recorded as cast. It involves the use of ink pens to record votes on old-fashioned paper. An optical scanner records the information, and to make sure votes are counted correctly, ballots are randomly selected and compared with what's been tallied.
]]></description>
<dc:subject>usenix security bowen debra vote voting vote-early-vote-often california</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:ef99ea7dc5d5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:usenix"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:bowen"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:debra"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:vote"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:voting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:vote-early-vote-often"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:california"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0320">
    <title>Commentary: Inside the Twisted Mind of the Security Professional</title>
    <dc:date>2008-08-04T17:19:54+00:00</dc:date>
    <link>http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0320</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Which is why CSE 484, an undergraduate computer-security course taught this quarter at the University of Washington, is so interesting to watch. Professor Tadayoshi Kohno is trying to teach a security mindset.
You can see the results in the blog the students are keeping. They're encouraged to post security reviews about random things: smart pill boxes, Quiet Care Elder Care monitors, Apple's Time Capsule, GM's OnStar, traffic lights, safe deposit boxes, and dorm -room security.
]]></description>
<dc:subject>kohno tadayoshi design security infosec hacking psychology schneier bruce social-engineering-will-get-you-what-you-want</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:dfe2504aea7b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:kohno"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tadayoshi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:design"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:psychology"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:schneier"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:bruce"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:social-engineering-will-get-you-what-you-want"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://news.cnet.com/8301-13578_3-10004646-38.html">
    <title>Homeland Security: We can seize laptops for an indefinite period | The Iconoclast - politics, law, and technology - CNET News</title>
    <dc:date>2008-08-02T17:13:17+00:00</dc:date>
    <link>http://news.cnet.com/8301-13578_3-10004646-38.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The U.S. Department of Homeland Security has concocted a remarkable new policy: It reserves the right to seize for an indefinite period of time laptops taken across the border.
A pair of DHS policies from last month say that customs agents can routinely--as a matter of course--seize, make copies of, and "analyze the information transported by any individual attempting to enter, re-enter, depart, pass through, or reside in the United States." (See policy No. 1 and No. 2.)
]]></description>
<dc:subject>security news law privacy government information digital laptop police dhs border corruption tsa laptops</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:c2fc9c4b54d2/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:news"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:law"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:government"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:information"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:digital"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:laptop"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:police"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dhs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:border"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:corruption"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:laptops"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.provos.org/index.php?/pages/dnstest.html">
    <title>DNS Resolver Test</title>
    <dc:date>2008-07-23T16:04:33+00:00</dc:date>
    <link>http://www.provos.org/index.php?/pages/dnstest.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you need to worry about.
]]></description>
<dc:subject>dns networks security services dnssec monkey niels-provos infosec netsec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:36247e151fd6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dns"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:networks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:services"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dnssec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:monkey"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:niels-provos"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:netsec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://code.google.com/p/ratproxy/">
    <title>ratproxy - Google Code</title>
    <dc:date>2008-07-06T23:48:43+00:00</dc:date>
    <link>http://code.google.com/p/ratproxy/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[passive web application security assessment tool
]]></description>
<dc:subject>via:monkey code ajax security testing infosec trust-but-verify</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:312c6ea7d382/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:via:monkey"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:code"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ajax"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:testing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:trust-but-verify"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://wordpress.org/development/2008/02/wordpress-233/">
    <title>WordPress › Blog » WordPress 2.3.3</title>
    <dc:date>2008-02-05T20:57:55+00:00</dc:date>
    <link>http://wordpress.org/development/2008/02/wordpress-233/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[WordPress 2.3.3 is an urgent security release.
]]></description>
<dc:subject>blogs security software web wordpress</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:9461f83bee24/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:blogs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:software"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:wordpress"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/politics/security/commentary/securitymatters/2007/12/securitymatters_1213">
    <title>Why 'Anonymous' Data Sometimes Isn't</title>
    <dc:date>2007-12-14T02:51:21+00:00</dc:date>
    <link>http://www.wired.com/politics/security/commentary/securitymatters/2007/12/securitymatters_1213</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[bruce schneier notes that birthdate + zip code + gender is probably enough to identify you.  (ed43 + 48104)
]]></description>
<dc:subject>security surveillance infosec anonymous birthday</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:7500e91fccd5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:anonymous"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:birthday"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://securitydigest.org/phage/bydate">
    <title>The 'Security Digest' Archives (TM) : Phage List: archive, by date</title>
    <dc:date>2007-11-29T19:43:42+00:00</dc:date>
    <link>http://securitydigest.org/phage/bydate</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Phage List: archive, by date.  3/11/88 - Morris Internet Worm - 20th anniversary coming up
]]></description>
<dc:subject>worm morris-worm security infosec phage security-digest 1988</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:37f4972f5d11/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:worm"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:morris-worm"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:phage"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security-digest"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:1988"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.zwire.com/site/news.cfm?newsid=19018393&amp;BRD=985&amp;PAG=461&amp;dept_id=161556&amp;rfi=6">
    <title>Journal Inquirer - Security breach affects UConn Foundation donors</title>
    <dc:date>2007-11-20T01:42:29+00:00</dc:date>
    <link>http://www.zwire.com/site/news.cfm?newsid=19018393&amp;BRD=985&amp;PAG=461&amp;dept_id=161556&amp;rfi=6</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The foundation was one of 92 clients of the vendor, Convio, affected by the breach, Sponauer said.
]]></description>
<dc:subject>convio uconn infosec security nptech john-sponauer nonprofit foundation</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:6ee88d8daa3e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:convio"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:uconn"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:nptech"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:john-sponauer"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:nonprofit"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:foundation"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.flickr.com/photos/rosefirerising/2004550752/">
    <title>Bomb Scare on Central Campus on Flickr - Photo Sharing!</title>
    <dc:date>2007-11-13T19:15:18+00:00</dc:date>
    <link>http://www.flickr.com/photos/rosefirerising/2004550752/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[umich central campus bomb scare
]]></description>
<dc:subject>umich central-campus security</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:c487365b46be/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:umich"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:central-campus"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/">
    <title>Miron’s Weblog » OpenSocial insecurity - no user to app authentication</title>
    <dc:date>2007-11-06T16:08:34+00:00</dc:date>
    <link>http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[no user authentication! Any user can forge anybody else’s identity when interacting with any OpenSocial application. As it currently stands, it is not possible to write secure social applications on the platform
]]></description>
<dc:subject>api facebook identity opensocial security widgets infosec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:26f96a84bc8c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:api"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:opensocial"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:widgets"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://theharmonyguy.com/">
    <title>Social Hacking</title>
    <dc:date>2007-11-06T15:51:15+00:00</dc:date>
    <link>http://theharmonyguy.com/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[I’m really starting to wonder about the overall security of the OpenSocial platform’s design.  Not to say that I know more than Google, but I am surprised these issues weren’t noticed prior to launch.
]]></description>
<dc:subject>google hacking web2.0 opensocial infosec security</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:3c3e2b350550/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:web2.0"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:opensocial"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://openid.net/pipermail/general/2007-January/001260.html">
    <title>[OpenID] Phishing and OpenID</title>
    <dc:date>2007-11-05T19:35:49+00:00</dc:date>
    <link>http://openid.net/pipermail/general/2007-January/001260.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[a significant problem with OpenID   I've brought this up before and had assumed that most of these schemes would not get off the ground because of the severity and obviousness of the problem -- but I was wrong.
]]></description>
<dc:subject>openid phishing security infosec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:bdae642f68e1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:phishing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9043418">
    <title>Details of hijacked 24/7 ad server emerge</title>
    <dc:date>2007-10-23T13:39:26+00:00</dc:date>
    <link>http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9043418</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Hackers have hijacked a server operated by Internet advertising company 24/7 Real Media Inc. and are using it to seed legitimate Web sites with ads carrying attack code, Symantec Corp. said Friday.
]]></description>
<dc:subject>infosec hackers ad advertising security 24-7-real-media</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:3cfc02269e12/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hackers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ad"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:advertising"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:24-7-real-media"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.thespanner.co.uk/2007/10/17/openid-account-security/">
    <title>OpenID account security</title>
    <dc:date>2007-10-17T05:01:43+00:00</dc:date>
    <link>http://www.thespanner.co.uk/2007/10/17/openid-account-security/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[3 classes of attacks on openid.  (looks like a worse and worse system every time I read one of these articles)
]]></description>
<dc:subject>openid security infosec phishing</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:77f25b830b39/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:phishing"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://ttlnews.blogspot.com/2007/10/outstanding-issues-with-openid-and-tips.html">
    <title>Tech Team Lead News: Outstanding issues with OpenID and tips for improvements</title>
    <dc:date>2007-10-16T13:58:33+00:00</dc:date>
    <link>http://ttlnews.blogspot.com/2007/10/outstanding-issues-with-openid-and-tips.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[security, usability, and privacy issues with openid.
]]></description>
<dc:subject>openid security usability privacy identity protocol design</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:6c85e262030e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:usability"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:protocol"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:design"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.links.org/?p=188">
    <title>Links » OpenID and Phishing: Episode II</title>
    <dc:date>2007-10-14T23:21:16+00:00</dc:date>
    <link>http://www.links.org/?p=188</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[The OpenID fanboys want OpenID to work on any old platform using only standard software, and so therefore are doomed to live in the world of broken authentication. This is fine if what you protect with your OpenID is worthless, but it seems clear that the
]]></description>
<dc:subject>identity openid phishing security infosec authentication broken worthless</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:f4cb6ea355cd/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:phishing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:authentication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:broken"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:worthless"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.links.org/?p=187">
    <title>Links » OpenID: Phishing Heaven</title>
    <dc:date>2007-10-14T23:20:04+00:00</dc:date>
    <link>http://www.links.org/?p=187</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[OpenID announced the release of a new draft of OpenID Authentication 2.0 today. I’m reluctantly forced to come to the conclusion that the OpenID people don’t care about phishing, since they’ve defined a standard that has to be the worst I’ve ever
]]></description>
<dc:subject>identitytheft toread openid infosec security phishing worst-ive-ever-seen</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:2708ff79160c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identitytheft"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:toread"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:phishing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:worst-ive-ever-seen"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.idcorner.org/?p=161">
    <title>The Identity Corner » The problem(s) with OpenID</title>
    <dc:date>2007-10-14T23:19:03+00:00</dc:date>
    <link>http://www.idcorner.org/?p=161</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Beyond this, OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing
]]></description>
<dc:subject>openid infosec design usability security</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:a939f8ce5365/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:design"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:usability"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.xmlgrrl.com/blog/archives/2007/09/21/sun-openid-idp-protocol-and-implementation-review/">
    <title>Pushing String » Sun OpenID IdP: protocol and implementation review</title>
    <dc:date>2007-10-14T23:17:53+00:00</dc:date>
    <link>http://www.xmlgrrl.com/blog/archives/2007/09/21/sun-openid-idp-protocol-and-implementation-review/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[When we put our OpenID provider through the security review wringer (many thanks to Glenn Brunette and his team for their work on this!), some nitsy OpenID protocol questions came out, along with issues of provider and consumer behavior in the wild. Some
]]></description>
<dc:subject>openid security infosec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:cd8df262b099/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://googleonlinesecurity.blogspot.com/2007/07/reason-behind-were-sorry-message.html">
    <title>Google Online Security Blog: The reason behind the &quot;We're sorry...&quot; message</title>
    <dc:date>2007-09-21T13:50:55+00:00</dc:date>
    <link>http://googleonlinesecurity.blogspot.com/2007/07/reason-behind-were-sorry-message.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Some of you might have seen this message while searching on Google, and wondered what the reason behind it might be. Instead of search results, Google displays the "We're sorry" message when we detect anomalous queries from your network.
]]></description>
<dc:subject>captcha google security seo niels-provos malware botnet monkey</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:01bb55806292/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:captcha"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:seo"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:niels-provos"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:botnet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:monkey"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.gnucitizen.org/blog/searching-for-evil">
    <title>Searching For Evil | GNUCITIZEN</title>
    <dc:date>2007-09-03T12:37:58+00:00</dc:date>
    <link>http://www.gnucitizen.org/blog/searching-for-evil</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[google video of ross anderson (introduced by hal varian) talking about the intersection of economics and computer security.
]]></description>
<dc:subject>ross-anderson hal-varian google google-talks dont-be-evil security economics</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:14227eea2072/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ross-anderson"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hal-varian"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google-talks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dont-be-evil"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:economics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://planet-websecurity.org/Mozilla+Says+%22Ten+Fucking+Days%22/">
    <title>Planet-Websecurity.org: good news brought together</title>
    <dc:date>2007-08-03T20:49:52+00:00</dc:date>
    <link>http://planet-websecurity.org/Mozilla+Says+%22Ten+Fucking+Days%22/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[At this point Mike Shaver threw down the gauntlet. He gave me his business card with a hand written note on it, laying his claim on the line. The claim being - with responsible disclosure Mozilla can patch and deploy any critical severity holes within “
]]></description>
<dc:subject>mozilla security patches infosec ten-freaking-days ten-effing-days ten-fracking-days</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:62d71b96e9b7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:mozilla"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:patches"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ten-freaking-days"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ten-effing-days"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ten-fracking-days"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://planet-websecurity.org/Congratulation!+You%E2%80%99ve+been+nominated+for+a+Pwnie+Award./">
    <title>Planet-Websecurity.org: good news brought together</title>
    <dc:date>2007-08-02T15:14:50+00:00</dc:date>
    <link>http://planet-websecurity.org/Congratulation!+You%E2%80%99ve+been+nominated+for+a+Pwnie+Award./</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[From the Pwnie Awards website, the Mass 0wnage Pwnie Award is Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the Pwnie for Breaking the Internet.
]]></description>
<dc:subject>security infosec pwnie most-likely-to-break-the-internet</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:ee7a15b36e06/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:pwnie"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:most-likely-to-break-the-internet"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.networkworld.com/news/2007/073007-ietf-qa.html">
    <title>Q&amp;A: Security top concern for new IETF chair - Network World</title>
    <dc:date>2007-07-29T04:08:51+00:00</dc:date>
    <link>http://www.networkworld.com/news/2007/073007-ietf-qa.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[VeriSign is giving me a check a month, and the National Security Agency is paying my travel costs. Vigil Security is my own business. It’s just me, and my wife pays the bills.
]]></description>
<dc:subject>ietf nsa internet standards security verisign</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:1888044d044d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:ietf"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:nsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:standards"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:verisign"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/">
    <title>Angsuman's Authenticated WordPress Plugin - Password Protection for Your WordPress Blog</title>
    <dc:date>2007-06-06T19:03:10+00:00</dc:date>
    <link>http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[a plugin to hide your wordpress blog, e.g. when you are developing it before it's launched.
]]></description>
<dc:subject>webdev wordpress security webdesign blog plugin</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:ff9cac4ac8a5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:webdev"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:wordpress"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:webdesign"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:blog"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:plugin"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://mezzoblue.com/archives/2007/06/05/unsettling/">
    <title>mezzoblue § Unsettling</title>
    <dc:date>2007-06-06T18:05:17+00:00</dc:date>
    <link>http://mezzoblue.com/archives/2007/06/05/unsettling/</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[For those who host with Dreamhost: I received a confirmation email from them at 8:27pm PST on June 5th that yes indeed, something in the neighbourhood of 3,500 FTP accounts have been compromised. If you’re on Dreamhost, time to change all your passwords
]]></description>
<dc:subject>dreamhost infosec wordpress spam security hosting</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:4fb1e572e282/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dreamhost"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:wordpress"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:spam"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hosting"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://mikeg.typepad.com/perceptions/2007/04/corporate_data_.html">
    <title>Collaborative Thinking: Corporate data slips out via Google Calendar</title>
    <dc:date>2007-06-06T13:45:37+00:00</dc:date>
    <link>http://mikeg.typepad.com/perceptions/2007/04/corporate_data_.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Google Calendar gives users the choice of keeping calendar entries private or publishing them for the world to see, but some Google Calendar users appear to be sharing their calendar information without realizing it.
]]></description>
<dc:subject>calendar google security infosec</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:3153a8814ecd/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:calendar"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.oscandy.com/hacking/454-dreamhost-hosting-platform-hacked">
    <title>Dreamhost hosting platform hacked! — Open Source Candy</title>
    <dc:date>2007-06-06T13:25:42+00:00</dc:date>
    <link>http://www.oscandy.com/hacking/454-dreamhost-hosting-platform-hacked</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[some details emerging of dreamhost hack problems.  black hat seo spam appears to be the nature of the exploit.
]]></description>
<dc:subject>dreamhost hosting infosec security</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:cd3542d89a9c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:dreamhost"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:hosting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.newscientisttech.com/channel/tech/mg19426026.000-web-browsers-are-new-frontline-in-internet-war.html">
    <title>Web browsers are new frontline in internet war - tech - 05 May 2007 - New Scientist Tech</title>
    <dc:date>2007-05-17T18:25:30+00:00</dc:date>
    <link>http://www.newscientisttech.com/channel/tech/mg19426026.000-web-browsers-are-new-frontline-in-internet-war.html</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[While installing firewalls and antivirus software on your computer may keep it safe from conventional threats such as worms and viruses, these security tools do not inspect data downloaded through browsers - a loophole that attackers can exploit. "The fir
]]></description>
<dc:subject>browser google search secure security monkey.org niels-provos</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:d9516dd9d830/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:browser"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:search"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:secure"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:monkey.org"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:niels-provos"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://news.bbc.co.uk/2/hi/technology/6526851.stm">
    <title>BBC NEWS | Technology | Cursor hackers target WoW players</title>
    <dc:date>2007-04-08T16:18:12+00:00</dc:date>
    <link>http://news.bbc.co.uk/2/hi/technology/6526851.stm</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.
]]></description>
<dc:subject>credit identity wow infosec security using-my-platinum-wow-account-to-buy-groceries</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:0ec456330d5d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:credit"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:wow"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:using-my-platinum-wow-account-to-buy-groceries"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://google.brand.edgar-online.com/fetchFilingFrameset.aspx?FilingID=5062935&amp;Type=HTML">
    <title>TJX 10-K: computer intrusion at TJX, parent company of TJ Maxx</title>
    <dc:date>2007-03-30T05:26:09+00:00</dc:date>
    <link>http://google.brand.edgar-online.com/fetchFilingFrameset.aspx?FilingID=5062935&amp;Type=HTML</link>
    <dc:creator>vielmetti</dc:creator><description><![CDATA[We suffered an unauthorized intrusion into portions of our computer systems that process and store information related to customer transactions that we believe resulted in the theft of customer data. We do not know who took this action and whether there w
]]></description>
<dc:subject>tjx edgar 10-k sec filing security infosec credit-card all-your-discount-merchandise-are-belong-to-us</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:888da6e4343b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:tjx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:edgar"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:10-k"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:sec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:filing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:credit-card"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:all-your-discount-merchandise-are-belong-to-us"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.fcw.com/article96438-10-16-06-Print">
    <title>FCW.com News - New CIO has broad-based view of IT issues</title>
    <dc:date>2007-03-25T18:29:20+00:00</dc:date>
    <link>http://www.fcw.com/article96438-10-16-06-Print</link>
    <dc:creator>vielmetti</dc:creator><dc:subject>security mshs</dc:subject>
<dc:identifier>https://pinboard.in/u:vielmetti/b:f3d6e71f8393/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:vielmetti/t:mshs"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>