
Tuesday, February 04, 2014

Publicly Listed Apache Axis2 Services

Google and other search engines constantly crawl the web. This makes possible some interesting search terms that let one find directory listings of various items. In one interesting case, a researcher was able to find SCM directories this way.
With this in mind ... try googling for the following term:
"Available services" "Service EPR"
This gives a set of publicly hosted Apache Axis2 WAR distributions. Quite a few of them still had the default version service. Interestingly, the service listings include faulty services, and they display the full paths of those faulty service archive (.aar) files. Due to obvious differences in the presented path values, this "feature" also discloses whether the host system is a UNIX-based system or a Windows system. This may be something to think about when managing your service deployments.
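A check for the disclosure described above, meant to be run over a saved copy of your own deployment's listing page. This is an added example, not code from the original post: the markup in `SAMPLE_LISTING`, the host name and the function name `audit_listing` are constructed, and the default service is assumed to be exposed at `.../services/Version`.

```python
import re
from html import unescape

# Constructed sample (assumed markup, not captured from a real host). It mixes a
# UNIX-style and a Windows-style path only to exercise both branches.
SAMPLE_LISTING = r"""
<h2>Available services</h2>
<h3><a href="services/Version?wsdl">Version</a></h3>
<p>Service EPR : http://axis.example.test:8080/axis2/services/Version</p>
<h3><a href="services/Orders?wsdl">Orders</a></h3>
<p>Service EPR : http://axis.example.test:8080/axis2/services/Orders</p>
<h3>Faulty Services</h3>
<ul>
<li>/opt/tomcat/webapps/axis2/WEB-INF/services/billing.aar</li>
<li>C:\Tomcat\webapps\axis2\WEB-INF\services\hr.aar</li>
</ul>
"""

EPR = re.compile(r"Service EPR\s*:\s*(\S+)")
# Absolute path ending in .aar; the lookbehind skips slashes that sit inside URLs.
ARCHIVE_PATH = re.compile(r'(?<![\w:/\\])(?:[A-Za-z]:\\|/)[^<>"\n]*?\.aar\b')

def audit_listing(page: str) -> dict:
    """Report what a saved Axis2 service listing page reveals to any visitor."""
    text = unescape(re.sub(r"<[^>]+>", "\n", page))  # drop tags, keep visible text
    eprs = EPR.findall(text)
    paths = [m.group(0) for m in ARCHIVE_PATH.finditer(text)]
    hints = {"windows" if re.match(r"[A-Za-z]:\\", p) else "unix" for p in paths}
    return {
        "is_listing": "Available services" in text and bool(eprs),
        "default_version_service": any(
            e.rstrip("/").endswith("/services/Version") for e in eprs),
        "disclosed_paths": paths,
        "os_hints": sorted(hints),
    }

if __name__ == "__main__":
    for key, value in audit_listing(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Any non-empty `disclosed_paths` means the listing is handing out filesystem layout and the host OS family to anonymous visitors.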

Thursday, April 26, 2012

My Poster on Private Anonymous Messaging

I presented one of my projects at the CERIAS Symposium 2012.



This project is about a set of peers who wish to remain anonymous (even to each other) connected to a particular entity. In a situation where the common entity has limited connectivity to the peers, this research provides means of being able to distribute the messages transmitted by the common entity among all peers.

And I'm very happy that this poster won the honorable mention award of the poster competition! :-)

Monday, April 02, 2012

Gmail and Spam

When I tried to mark an email as spam, Gmail prompted the following:
What I'm wondering now is : "Wouldn't Gmail's automated attempt to unsubscribe my email address from the spammer's list confirm the existence of a valid email address to the spammer?"

Wednesday, December 07, 2011

Interesting discussion about privacy. One of the many points brought out: "Can we do a 'clear history' of our Internet presence?" It seems like it is just a matter of time before all our day-to-day activities (not just the web pages we browse) are tracked and indexed and readily available!

Already there are quite innovative businesses that are built on top of information that is out there about you.

Thursday, September 25, 2008

twitbin and your twitter password

I just tried to install the twitbin firefox plugin. Well ... very nice interface!!!

BUT it seems like twitbin first sends my username and password to http://www.twitbin.com. Firefox will prompt you asking whether to remember the password for this site :P

I believe this should NOT be done :(

A user should NEVER have to give his/her credentials of a certain web application to a 3rd party web application. How can I be 100% sure that those who developed the 3rd party web application wrote perfect code that never leaks my user name/password of my other web application?

Interestingly the twitbin.com privacy policy is very simple and short :


Our privacy policy is simple: we don’t store any personal data about you. We
do track the total minutes spent with twitbin open, and the number of users
who use it. We don’t have any way of seeing what you say, or who you say it
to. User sessions are authenticated through twitter, so your data passes to
them, not us.

You use twitbin at your own risk, we’ve tested it, it hasn’t crashed our
computers, but we just built this in a week. If you see a bug, let us know.

SOURCE: http://twitbin.com/blog/privacy/


Well ... why does firefox ask my permission whether it is OK to REMEMBER the password (and when done so there is an entry against http://twitbin.com) when I try to log in to twitter with my plugin? So is the statement "User sessions are authenticated through twitter..." still true? I haven't really gone through the messages that are exchanged between twitbin.com and the browser... but the fact that the browser remembers the twitter user name/password against http://www.twitbin.com is more than enough evidence for me! (Or is this a firefox bug? :-) )

This sucks! ... so people ... please be careful when you use these sorts of applications!!!