blech + security   24

Hacking Scarlett Johansson using Google and gumption | Ars Technica
"Reaching from a Florida computer into the most private documents of Hollywood celebrities took no organized blackmail ring, no special tools, and no special software. It required merely a search engine, an Internet connection, and the willingness to be deeply creepy."
arstechnica  hacking  socialengineering  google  email  security  from instapaper
7 weeks ago by blech
Use historical imagery to see nuclear site | Google Earth Blog
"So what's the purpose of blurring the imagery if it's that easy to obtain clear shots?" On Google Earth, imagery and historic data.
google/earth  satellite  surveillance  nuclear  security  securitytheathre?  via:straup  from delicious
september 2011 by blech
How to hack Amazon with a book | Dr. Wetter
"Whereas the standard example for a stored XSS vulnerability over an out-of-band channel is a web mailer like OWA using SMTP here this channel for the attack is kind of — err, let's put it this way — unusual: One has to write a book!"
security  amazon  xss  books  development  web  from delicious
december 2010 by blech
People happy to use airport full-body scanners | BBC News
"Nine out of 10 British people are happy to use full-body scanners being rolled out at UK airports." "The poll of 10,000 people, including 977 Britons... found acceptance of the scanners was highest in the UK." "One in three surveyed in Germany and Belgium objected, and only 45% in Hong Kong and 24% in Mexico were in favour."
news  bbc  politics  security  securitytheathre?  privacy  scanner  from delicious
april 2010 by blech
Security Update might break Perl | bulknews.typepad.com
The Security Update released by Apple yesterday, 2009-001, clobbers part of the core IO module. If you've ever upgraded it, you'll need to fetch it manually and reinstall.
perl  macosx  security  cpan  via:obra 
february 2009 by blech
Bringing OpenID and OAuth Together | Google Data APIs
'Google now supports the "Hybrid Protocol", combining OpenID federated login together with OAuth access authorization.' Looks like this might end up with a usable, open competitor to Facebook Connect.
google  oauth  openid  authentication  identity  authorisation  data  api  security 
january 2009 by blech
Flickr API security weakness | Yes/No/Cancel
Martin Kleppmann on what, to me, smells more like a theoretical than a practical weakness in the Flickr API. There's at least one mistake - if an app is authenticated, it doesn't need to be approved again - and more generally, even if you do have an app's key and secret, you can still only get the level of auth the app originally asked for. The fixes all seem horribly overcomplex (for example, my EXIF machine tagger has just four users, total, because keys/secrets are such a barrier to entry). Anyway, can't say I'm that worried personally.
flickr  security  oauth  authentication  api  via:billyabbott 
january 2009 by blech
Homeland "Security" | Nick Taylor
"So I have to give up significant amounts of personal data, and have no ‘expectation of privacy’. Makes me think twice about whether going to the US is even worth it."
us  travel  visa  security  via:thegareth 
january 2009 by blech
Rate limiting with memcached | Simon Willison
How to stop someone doing a dictionary attack on your Django/Python website, by using memcache.
python  django  security  memcached  simonwillison 
january 2009 by blech
US Army warns of Twitter dangers | Yahoo News
'"Twitter has also become a social activism tool for socialists, human rights groups, communists, vegetarians, anarchists, religious communities, atheists, political enthusiasts, hacktivists and others to communicate with each other and to send messages to broader audiences," the report said.'
twitter  security  report  paranoia  terrorism  nonsense  ap  via:deusx  via:tomc 
october 2008 by blech
Lift the download quarantine | The Pug Automatic
A nice little AppleScript folder action which calls xattr to remove that annoying "You've downloaded this, is it safe?" dialog. Trades security for convenience, of course, but if you want it, here it is. (I do.)
macosx  security  securitytheathre?  download  applescript  script  hack  xattr  metadata  via:straup 
august 2008 by blech
Changing the download safety settings | My Macinations
I should have a good look at this and see if the safe files are related at all to the xattr settings discussed earlier.
apple  macosx  security  safari  via:ssp 
march 2008 by blech
“Disabling” Launch Services File Quarantine | The Apple Blog
That annoying "this is downloaded from the Internet" dialog? Here's how to get rid of it.
apple  macosx  security  software  finder  metadata  applescript  via:daringfireball 
march 2008 by blech
Downloaded From the Internet? | pudge hates software
Chris Nandor on the hates-software blogmailinglisthing about the rather stupid notifications you get that an application is from the Internet.
apple  macosx  software  security 
march 2008 by blech
Counter-terrorism advertising campaign | Met Police
I couldn't believe it when I saw the "Photos" ad on the back page of one of the evening freesheets on Tuesday. "Terrorists ... take photos of CCTV cameras" So do ordinary (well, only slightly abnormal) people...
uk  police  advertising  advert  security  terrorism  photography  stupid 
march 2008 by blech
Leopard finally supporting ssh-agent at login
When I finally upgrade, I should be able to junk SSHKeychain. Which is good, because it often takes a gig of VM for no apparent reason.
macosx  ssh  unix  security 
october 2007 by blech
Cordon blue | Guardian Unlimited
"In the past few weeks an 11-mile blue fence has sprung up around the 2012 Olympics site in east London. Is it a necessary security measure - or a reminder of how divisive the games are? Andy Beckett walks along it." Looks like a good read. Or cycle.
london  olympics  development  sport  security  2012  guardian  via:rodcorp 
september 2007 by blech
Security Watch: Gone in 60 seconds--the high-tech version - CNET reviews
On remote keyless entry systems: "The authors also suggest that car owners wrap their keyless ignition fobs in tin foil when not in use" to prevent scanning.
security  motoring  transport  authentication  tinfoilhat  via:nkrishna 
may 2006 by blech
URL authentication in IE
Including how to revert to the previous, insecure user:pass@host method
work  ie  security  authentication 
may 2006 by blech
How Mac OS X Implements Password Authentication, Part 2
I'm surprised that the LANMAN passwords get generated automatically, given you have to futz in Accounts to get Windows sharing working. Interesting post.
macosx  authentication  security  via:rentzsch 
april 2006 by blech
TextMate Blog » Keychain Access from Shell
Could be useful in various places. Actually, maybe in Blue Coconut, although there "proper" Cocoa access would be better.
apple  security  keychain  via:daringfireball 
april 2006 by blech
Network Security, Vulnerability Assessment, Intrusion Prevention
Despite the CNet report from boingboing mentioning eEye, their page doesn't mention iTunes
apple  itunes  windows  security  eeye 
november 2005 by blech
Search Results
I notice the eEye vulnerability hasn't made CVE status
apple  itunes  security  cve 
november 2005 by blech
