Category Archives: Data Leakage

More about the privacy pledge

Posted on 2012-03-25 by Graham

Plenty of you have seen—and indeed signed— the App Makers’ Privacy Pledge on GitHub. If you haven’t, but after reading it are interested, see the instructions in the project README. It’s great to see so many app makers taking an … Continue reading →

Posted in Business, Data Leakage, Privacy, Responsibility | Comments Off

On privacy, hashing, and your customers

Posted on 2012-02-08 by Graham

I’ve talked before about not being a dick when it comes to dealing with private data and personally-identifying information. It seems events have conspired to make it worth diving into some more detail. Only collect data you need to collect … Continue reading →

Posted in Business, Crypto, Data Leakage, Privacy, Responsibility | Comments Off

Don’t be a dick

Posted on 2011-09-06 by Graham

In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A … Continue reading →

Posted in Data Leakage, IANAL, Policy, Privacy | Comments Off

On the top 5 iOS appsec issues

Posted on 2011-05-20 by Graham

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading →

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

Protecting source code

Posted on 2010-12-15 by Graham

As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that … Continue reading →

Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering | 5 Comments

On Trashing

Posted on 2010-07-16 by Graham

Back in the 1980s and 1990s, people who wanted to clandestinely gain information about a company or organisation would go trashing.[*] That just meant diving in the bins to find information about the company structure – who worked there, who … Continue reading →

Posted in Business, Data Leakage, Policy, Twitter | Leave a comment

A solution in need of a problem

Posted on 2010-06-16 by Graham

I don’t usually do product reviews, in fact I have been asked a few times to accept a free product in return for a review and have turned them all down. This is just such an outré product that I … Continue reading →

Posted in Data Leakage | Leave a comment

So it’s not just the Department of Homeland Security, then

Posted on 2010-03-12 by Graham

What is it about government security agencies and, well, security? The UK Intelligence and Security Committee has just published its Annual Report 2008-2009 (pdf, because if there’s one application we all trust, it’s Adobe Reader), detailing financial and policy issues … Continue reading →

Posted in Data Leakage, government, Policy | Leave a comment

Look what the feds left behind…

Posted on 2010-02-22 by Graham

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only … Continue reading →

Posted in Data Leakage, government, NSConf, Policy, Privacy | Comments Off