Student researchers have NOT demonstrated the simultaneous compromise of the systems necessary for the attack to succeed.

Francois' investigations led him to a cache of top-quality data with "a higher price than usual"...

Once people decide to share information between their services, we run smack dab into the "how" of it all.

Using an online vault secured by a passphrase is a reasonable way to bootstrap a secret onto a machine.

We want something that only a highly trusted program can do...

TJX presided over the largest data security SNAFU in history

When you make it clear you are not using your real name, are you really tricking anyone?

I agree with Mathew that requiring use of SSL and PKI is overkill for the type of blogging and hobbyist use cases he describes. This is fixed in CardSpace 1.1

Jon says that when you’re talking about a single site, novel authentication schemes arguably make sense. But they start to break down when you start using them at many sites...

Most DDoS attacks these days aren't spoofed, because there's no need, given the zillions of botted computers out there...