S Anand

Two Factor Authentication

Bruce Schneier on The Failure of Two-Factor Authentication. Two factor authentication replaces passwords with two things: something you have (e.g. a security token that changes numbers every minute) and something you know (e.g. password). Bruce says this won’t help against two new kinds of attacks we’re seeing:

Man-in-the-Middle attack. An attacker puts up a fake bank website and entices user to that website. User types in his password, and the attacker in turn uses it to access the bank’s real website. Done right, the user will never realize that he isn’t at the bank’s website. Then the attacker either disconnects the user and makes any fraudulent transactions he wants, or passes along the user’s banking transactions while making his own transactions at the same time.

Trojan attack. Attacker gets Trojan installed on user’s computer. When user logs into his bank’s website, the attacker piggybacks on that session via the Trojan to make any fraudulent transaction he wants.


AmazType is a typographic book search based on Amazon. I didn’t understand what that meant either, until I searched for Six Degrees. Try it. Then click on a few of the book images.

Google local listing

Google Local Business Center.

Fill in the address of your business. Google matches with its database, and edit the category, hours, payment terms, etc…. of course it’s not going to do this without some kind of validation. After you’ve submitted your listing Google will send you a letter within two weeks with a PIN and activation instructions for making your edits “live” on Google Local. Your listing won’t be included on the site until this process is gone through.

Open Search

OpenSearch. “We want OpenSearch to do for search what RSS has done for content.” It’s an RSS interface to search, and is an extremely powerful concept.

Search box

I have introduced a “Search” box near the top. It searches for posts that contain the string (regular expression) you type in that box.