Category Archives: Data Leakage

More about the privacy pledge

Plenty of you have seen—and indeed signed— the App Makers’ Privacy Pledge on GitHub. If you haven’t, but after reading it are interested, see the instructions in the project README. It’s great to see so many app makers taking an … Continue reading

Posted in Business, Data Leakage, Privacy, Responsibility | Comments Off on More about the privacy pledge

On privacy, hashing, and your customers

I’ve talked before about not being a dick when it comes to dealing with private data and personally-identifying information. It seems events have conspired to make it worth diving into some more detail. Only collect data you need to collect … Continue reading

Posted in Business, Crypto, Data Leakage, Privacy, Responsibility | Comments Off on On privacy, hashing, and your customers

Don’t be a dick

In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A … Continue reading

Posted in Data Leakage, IANAL, Policy, Privacy | Comments Off on Don’t be a dick

On the top 5 iOS appsec issues

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

Protecting source code

As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that … Continue reading

Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering | 5 Comments

On Trashing

Back in the 1980s and 1990s, people who wanted to clandestinely gain information about a company or organisation would go trashing.[*] That just meant diving in the bins to find information about the company structure – who worked there, who … Continue reading

Posted in Business, Data Leakage, Policy, Twitter | Leave a comment

A solution in need of a problem

I don’t usually do product reviews, in fact I have been asked a few times to accept a free product in return for a review and have turned them all down. This is just such an outré product that I … Continue reading

Posted in Data Leakage | Leave a comment

So it’s not just the Department of Homeland Security, then

What is it about government security agencies and, well, security? The UK Intelligence and Security Committee has just published its Annual Report 2008-2009 (pdf, because if there’s one application we all trust, it’s Adobe Reader), detailing financial and policy issues … Continue reading

Posted in Data Leakage, government, Policy | Leave a comment

Look what the feds left behind…

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only … Continue reading

Posted in Data Leakage, government, NSConf, Policy, Privacy | Comments Off on Look what the feds left behind…