Month: September 2008

  • Popular Websites Vulnerable to Cross-Site Request Forgery Attacks

    Update Oct 15, 2008: We’ve modified the paper to reflect the fact that the New York Times has fixed this problem. We also clarified that our server-side protection techniques do not protect against active network attackers. Update Oct 1, 2008: The New York Times has fixed this problem. All of the problems mentioned below have…

  • Quanta Case Preserved the Distinction Between Patent Law and Contract Law

    Thanks to Ed for the invitation to contribute to FTT and for the gracious introduction. In addition to being a grad student here at Princeton, I’m also an adjunct scholar at the Cato Institute. Cato recently released the latest edition of its annual Supreme Court Review, a compilation of scholarly articles about the most recent…

  • Election Machinery blog

    Students will be studying election technology and election administration in freshman seminar courses taught at Princeton (by me) and at Stanford (by David Dill). The students will be writing short articles on the Election Machinery blog. I invite you all to read that blog over the next three months, to see what a small…

  • Will cherry picking undermine the market for ad-supported television?

    Want to watch a popular television show without all the ads? Your options are increasing. There’s the iTunes store, moving toward HD video formats, in which a growing range of shows can be bought on a per-episode or per-season basis, to be watched without advertisements on a growing range of devices at a time of your…

  • Hurricane Ike status report: electrical power is cool

    Today, we checked out the house, again, and lo and behold, it finally has power again!  Huzzah! All in all, it hasn’t been that bad for us.  We crashed with friends, ate out all the time, and (thankfully) had daycare for our daughter as of Thursday last week.  Indeed, I’m seeing fewer people’s kids around…

  • How Yahoo could have protected Palin's email

    Last week I criticized Yahoo for their insecure password recovery mechanism that allowed an intruder to take control of Sarah Palin’s email account. Several readers asked me the obvious follow-up question: What should Yahoo have done instead? Before we discuss alternatives, let’s take a minute to appreciate the delicate balance involved in designing a password…

  • Palin's email breached through weak Yahoo password recovery mechanism

    This week’s breach of Sarah Palin’s Yahoo Mail account has been much discussed. One aspect that has gotten less attention is how the breach occurred, and what it tells us about security and online behavior. (My understanding of the facts is based on press stories, and on reading a forum post written by somebody claiming…

  • Hurricane Ike status report

    Many people have been emailing me to send their best wishes. I thought it would be helpful to post a brief note on what happened and where we’re all at. As you know, Hurricane Ike hit shore early Saturday morning. The wind, combined with a massive storm surge, caused staggering devastation along the Texas coast.…

  • Welcome to the new Freedom to Tinker

    Welcome to the new, redesigned Freedom to Tinker. Beyond giving it a new look, we have rebuilt the site as a blogging community, to highlight the contributions of more authors. The front page and main RSS feed will offer a combination of posts from all authors. We have also added a blog page (and feed)…

  • On digital TV and natural disasters

    As I’m writing this, the eye of Hurricane Ike is roughly ten hours from landfall.  The weather here, maybe 60 miles inland, is overcast with mild wind.  Meanwhile, the storm surge has already knocked out power for ten thousand homes along the coast, claims the TV news, humming along in the background as I write…