“Google has announced the launch of their free DNS resolution service, called Google Public DNS. According to their blog post, Google Public DNS uses continuous record prefetching to avoid cache misses — hopefully making the service faster — and implements a variety of techniques to block spoofing attempts. They also say that (unlike an increasing number of ISPs), Google Public DNS behaves exactly according to the DNS standard, and will not redirect you to advertising in the event of a failed lookup. Very cool, but of course there are questions about Google’s true motivations behind knowing every site you visit.”

Oh, this is tempting. I have some routers configured to use OpenDNS (mainly for their supposed fast response, not for the redirect to search), and I am rather tempted to re-configure them to use Google’s DNS servers.

But, frankly, I think Google already has enough of my private information. I don’t need them to know every site I visit (and no, I don’t put much stock in ToS; as much as I trust Google more than other companies, once they have the information, it’s safer to assume that they’ll have it for-ever).

Well, I guess for now, Google’s DNS servers do not offer anything beyond what OpenDNS or my local DNS servers do … so at least the decision is a no-brainer for the time being.

“A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website.”

What’s next? PGP? Can we trust anything other than OTPs any more?

I, for one, am excited. Here are a group of people with a profit motive (it’s the illegal kind, but, oh well) who can make a real contribution to steganography. Imagine the coming advances in the next year or so!

I guess it’s re-install time for many of my servers, or at least one of them. I am currently keeping … a vigilant log to check that nothing out of ordinary is happening, but I am considering the machine compromised and in line for re-install as soon as I can find the time.

Well, from a broader perspective, I guess nothing of value is lost for me here, since I don’t store anything sensitive on Twitter (or, formerly, on Facebook). All my profiles are as public as I can make them. After all, only criminals and other malcontents with things to hide use any privacy features, right?

I guess, in some sense, if someone takes control of my Twitter account, they can send messages to my friends pretending to be me, but, well, one would hope that my true friends will be able to recognize when it is me talking and when it is not—and if they do anything significant without verifying it with me through some secured channel, well, they’ve become a security liability to me.

But this breach should serve as a warning: don’t trust online service providers, and trust big online service providers (Google, Yahoo, etc.) even less. I don’t mean not to use them. That would be near impossible if you have any sort of online presence. The services they provide are valuable and useful in daily lives. I use Flickr (Yahoo) and Google Voice myself.

But I use these services because they have nothing of security value. I don’t speak on the phone regarding anything sensitive—I assume all the phones I use are tapped, and I don’t leave electronic or paper trails when the situations warrant it—and although I did mark some photos in my Flickr account as “private”, they are hardly sensitive documents (they are pictures of my nephew and, well, I don’t feel I have the authority to distribute them widely).

I have moved away from Gmail more than a year ago, and I make sure that anything sensitive doesn’t even go through Gmail (instead, I use randomly generated email addresses on my own domain and server), and no one who handles sensitive data from corporate or national perspective should be using Gmail (or any other public email provider) for those purposes.

As the saying goes, just because I’m paranoid doesn’t mean everyone isn’t out to get me (or was it “If everyone is out to get me, it’s not paranoia”?).

I just changed my Google Account password (along with another important account). This is the password that I used to treat as “secure” for quite a while, and well, it might have been. At least I know for sure that it has never been transmitted in cleartext (I only type that into Google Accounts and trusted resellers, who all use SSL for such connections), but frankly, it has been “shared” with too many entities. I have been assuming that they all encrypt user passwords and take good care of them … but what if they haven’t?

So, I changed my important passwords. I will continue to change my passwords until none of them are identical.

Of course, I have no hope of remembering so many passwords by myself … but I will manage.

I had a good look back at what I have so far, and looking at my password list and how every one of them is the same, this scared me.

So, I am changing all my passwords on various systems. It’ll probably take a while, since I am doing it each time I log on. I can’t possibly hope to remember all the systems where I have a password.

This time, I will use a randomly generated password. No mnemonics. And I will do what the security professionals recommend: write it down. (Or, alternatively, let some other program remember it for me.)

The web is more interesting when you can build apps that easily interact with your friends and colleagues. But with the trend towards more social applications also comes a growing list of site-specific APIs that developers must learn.

OpenSocial provides a common set of APIs for social applications across multiple websites. With standard JavaScript and HTML, developers can create apps that access a social network’s friends and update feeds.

“Better when it’s social”, my arse. I like my lone website JUST FINE, thank you. The only things I can possibly see benefiting from being connected with others are wikis.

Really, I hate it when it’s so easy for people to reach me. It makes it that much harder to tell who are my true friends.