Archive for the 'security' Category

Deconstructing the Facebook Beacon

Tuesday, November 27th, 2007

Facebook has created quite a stir with their new Beacon — a feature that allows third-party sites to communicate user purchases and interests to Facebook and then into a user’s newsfeed. It has raised a number of valid privacy concerns, but the technology itself is quite interesting. Jay Goldman has taken it all apart to see how it works in Deconstructing Facebook Beacon Javascript.

Over the Rainbow

Thursday, September 13th, 2007

Lest you be lulled into believing you understand passwords and security, Thomas Ptacek sets you straight in Enough with the Rainbow Tables.

Authorization, Oh My!

Thursday, September 13th, 2007

As the web continues to evolve into a platform, and services start to expose themselves through APIs, connecting things quickly, easily, and uniformly is of increasing interest. Allowing sites and services to communicate on the user’s behalf is convenient, but can also put users at risk by forcing them to hand over their credentials. Enter OAuth, “an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.” Hueniverse offers up a quick introduction to OAuth, and explains how it differs from OpenID.

Many luxury cars today come with a valet key. It is a special key you give the parking attendant and, unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else.

OAuth provides a valet key for the web.

Rainbows and Salt

Sunday, September 9th, 2007

A great explanation of cracking passwords with rainbow tables and the benefits of salting your hashes is to be found in Rainbow Hash Cracking.