Archive for February, 2008

Dear PayPal, Safari Isn’t The Security Problem

Thursday, February 28th, 2008

In an interview with Macworld, PayPal asserted that Safari was not secure enough to be included on its recommended browser list. PayPal currently recommends Internet Explorer 7+, Firefox 2+, or Opera to its users.

Michael Barrett, PayPal’s chief information security officer, said, “Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that’s it.” Indeed, Safari lacks anti-phishing blacklisting and support for extended validation (EV) certificates. Unfortunately for Mr Barrett, SSL is the only method he mentioned that is for securing online transactions. Blacklists and EV certificates give the visitor information suggesting that the site is more likely to be what it claims. They don’t actually make the browser connection to the web server any more secure.

Mr Barrett made no mention of a flaw in Safari’s SSL implementation or other vulnerability.

Phishing sites impersonate real sites in order to trick visitors into giving legitimate information. Attackers can then use this information to defraud the visitor. Phishing attacks are attacks on visitors, not technology. The solutions aren’t likely technical.

Users must learn to verify the address of any site asking for a password. Good ideas, like Bank of America’s SiteKey, have not been effective because users don’t pay attention to the security features. Another study observed extended validation certificates failing for the same reason. At some point, users need to be responsible for themselves.

As for anti-phishing blacklists, I don’t use them. Blacklists are a privacy invasion.* I don’t want every site I visit being sent to a centralized service for “verification”, unless it’s voluntary and part of my DNS.

Edit: *Unless you use Firefox, as its blacklist is localized and refreshed often. Thanks Asa for the comment. IE 7’s phishing filter, however, does phone home to verify addresses.

Honorary Funny Porto Ricans

Tuesday, February 19th, 2008

Some Kind of Funny Porto Rican at the Pan African Film Festival

I attended the screening of Some Kind of Funny Porto Rican? as part of the Pan African Film Festival on Saturday night.

Arthur and I (and many of our Emerson friends) worked on various portions of this documentary over the past three years with our former professor, Dr. Claire Andrade-Watkins. We watched it many times throughout production, but experiencing the documentary with the Cape Verdean American community in Los Angeles was so powerful.

The audience’s reception moved me. The documentary’s larger story of gentrification has touched far too many communities. I left the night longing for a cultural identity. I don’t feel like I have one genetically or nationally. I don’t think I really need one, as I like just being me, but I’m happy to have helped preserve one.

My favorite question from the Q&A session: Why didn’t you interview Cape Verdean scholars? How did you choose which stories were accurate for inclusion?

Answer: Uh, hello?! Dr. Andrade-Watkins, PhD in cultural studies. I can validate the accuracy and I believe that people are capable of telling their own stories.

Huzzah!

The Online Apple Store Password Problem

Sunday, February 17th, 2008

Whilst preparing my taxes, I needed to grab a receipt for a purchase made at the online Apple Store. The online Apple Store is one of the few places where I don’t mind having an account, as I purchase from it frequently. However, the online Apple Store exhibits one of the biggest flaws in ecommerce check out procedures: being more concerned about my password than I am.

Apple Store online screenshot of request to enter a new password

When I tried to login to retrieve the receipt, I was prompted that my password had expired. This happens every 3 months. I sighed and then proceeded to enter another of my usual passwords for online purchases.

Apple Store online screenshot of password being used within last year

Oops! That password had been used within the last year. Actually, all of the three passwords that I typically use for online purchases had been used within the last year. I made the unfortunate mistake of purchasing from the online Apple Store at least once every quarter in 2007.

I fidgeted. I couldn’t think of another password to add to my arsenal of unimportant, yet memorable passwords. I remember nearly 20 unique passwords that I use regularly. Having to remember another unique password just for Apple just for a quarter bothered me, but I needed to view my previous order. I came up with a new, memorable password.

Apple Store online screenshot of password needing to contain a number

Crap. The password must include a number. and be more than six characters long. and not be one of the four passwords used in the last year. I wondered why the requirement for a number was not listed with the other password specifications.

After five minutes, I was able to view my previous orders… only to remember that I made the purchase at a physical Apple Store.

What is Graphic Design? Poster

Saturday, February 9th, 2008

I spent an hour on an entry to the What is Graphic Design? Poster Competition.

My definition: Graphic design is a method of communicating, like speech and language, using visual form.

My entry:
visual form + intention to communicate = graphic design

Yes We Can

Wednesday, February 6th, 2008

From YesWeCanSong.com and the next President of the United States:

Just remember: She voted for war.

BINC Professional Search: Yet Another Recruiter To Avoid

Monday, February 4th, 2008

I get contacted by recruiters all the time. In general, I find them sleazy. There are exceptions.

When Charlie Smith at BINC “Professional” Search emailed me, I suggested that he state the name of the company he was working on behalf of when cold emailing potential candidates. Several of my friends have had bad experiences with résumé mining by recruiters. Here’s his response:

I appreciate the heads up but in all honesty, the Designers out there who don’t like recruiters can sit on the side lines and watch their friends take better, more high paying jobs for all I care.

Well thanks, jackass.

Quick Update

Sunday, February 3rd, 2008

I know that things have been fairly quiet around here. The primary reason is that I am in the process of completely overhauling my site and the lack of conclusion has been a good excuse to not add any more content. Here’s a quick update.

I left Creative Acceleration and started a new job at GoTV Networks last Wednesday. While I will be doing the same type of front end design and development, my work will be part of GoTV’s core operations, which is quite different from the world of agency work. The change comes with a nice bump in pay and a much shorter commute.

As part of my continued work with Scrubya, I am developing an open source shopping cart called Concord Cart. It’s PHP based and fundamentally different than other open source shopping carts. Instead of taking over your site and trying to be a content management system and everything to everyone, Concord Cart only drops in where you need it. More details on this will come later.

Grey Matters is being revived. Arthur & I have exciting projects planned in several forms of media. The website will be updated in the coming months.

Remember the Emersive 2006 Hott Guys Calendar fundraiser for the EFF? I have a hankering to do it again.

My physical fitness challenge continues. I’m trying to add 20 pounds of muscle by the end of this year. I’ve been working out at least three times a week for the past six months with determined intensity. Let’s see if I can finally go from scrawny to brawny.

2008 is off to an exciting start. I’ve never been so energized and inspired. Cheers!
