The security of modern password expiration: an algorithmic framework and empirical analysis, by Yingian Zhang, Fabian Monrose and Michael Reiter. (ACM DOI link) This paper presents the first large-scale study of the success of password expiration in meeting its intended purpose, namely revoking access to an account by an attacker who has captured the account’s [...]
Steve Bellovin has a good deal of very useful analysis and context about “an experiment that showed that the avian flu strain A(H5N1) could be changed to permit direct ferret-to-ferret spread. While the problem the government is trying to solve is obvious, it’s far from clear that suppression is the right answer, especially in this [...]
I really enjoyed a conversation with Dave Birch for Consult Hyperion’s “Tomorrow’s Transactions” podcast series. The episode is here. We covered the New School, lessons learned from Zero-Knowledge Systems, and games for security and privacy.