Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com. In 1972, John T. Draper discovered he could make free long-distance phone calls using a whistle from a Cap'n Crunch cereal box. The whistle emitted a 2,600-hertz tone that got him into the internal authorization system at the phone company. With another noisy device known as a blue box, Draper -- soon to be known as "Cap'n Crunch" -- made it possible for many to...

A group of researchers (Arjen Lenstra and collaborators  from EPFL Lausanne and James Hughes from Palo Alto) published a study, Ron was wrong Whit is right, of new vulnerabilities of cryptosystems. The New York Times picked up the story. Although Lenstra et al discuss several cryptosystems, their results are particularly relevant to those based on RSA. The title mirrors their conviction that cryptosystems based on a single random element have fewer key generation problems than RSA, that uses two random primes.The technical problem they identify...

The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It's difficult to fix without making major changes to the web's infrastructure.In the year since I wrote that, a number of major websites have "solved" the WiFi eavesdropping problem by either making encrypted HTTPS web traffic an account option or mandatory for all logged in users.For example, I just noticed that Twitter, transparently to me...

There are only two hard things in Computer Science: cache invalidation and naming things — Phil Karlton Doing cache invalidation by hand is an incredibly frustrating and error-prone process. You’re very likely to forget a spot and let stale data get served. That’s enough to turn most people off russian-doll caching structures, like the one we’re using for Basecamp Next. Thankfully there’s a better way. A much better way. It’s called key-based cache expiration and it works like this: The cache key is the fluid part and the cache content is the fixed ...

Shared hosting is incredibly popular with users who are looking for the cheapest hosting available – the problem is that along with the low price you get poor performance and even more concerning – questionable security.When running on a shared host dozens if not hundreds of other sites are running on the same servers – this means any single security flaw in any of those applications can compromise the entire server. This  dramatically increases the odds of your server being compromised.Because shared hosting is inherently in-secure Microsoft has built in fe...

I just installed a new Express Card with Verizon Broadband wireless lastnight. Had tons of fun accessing the web from places I usually cannot, (we arein trucking) until I got to my favorite forum. It's a public place I have beento thousands of times, but instead of happily browsing all the daily newsevents and checking to see if the world blew up yet, I found myself blocked bya big white screen that said YOUR IP ADDRESS HAS BEEN BANNED.What can I do? I can't go to the forum owners to tell them it's just lil 'olme. Besides, I have picked them up on all other wireless connections at varioush...

Remember that feeling you got back when Steve Jobs was unveiling the iPhone, and he did the “slide to unlock” gesture for the first time? I remember the way he said it – “You like that? Want to see it again?”Since then I haven’t seen a lock screen interface that has made me feel that same “how obvious, how elegant!” feeling – until today at the NVIDIA press conference, and later at the Microsoft keynote here at CES. It sounds a little silly, sure, making such a big deal of such a small feature, but it’s just nice to see a genuinely na...

Securing server software is not a straightforward task. Not all of our operating environments are the same, leading to a variety of potential security vulnerabilities. However, using a few basic configuration and security options, you can stay a little ahead of where you want to be.1. Fail2banFail2ban is a Python-based intrusion prevention software that detects and blocks malicious IP addresses from multiple unsuccessful attempts at software logins. In other words, if someone is attempting to login to your server via ssh, it detects multiple, unsuccessful attempts and blocks that user ip for a...