Simon Willison’s Weblog

Items tagged security in Dec, 2008

Filters: Year: 2008 × Month: Dec × security ×


Researchers Show How to Forge Site Certificates. Use an MD5 collision to create two certificates with the same hash, one for a domain you own and another for amazon.com. Get Equifax CA to sign your domain’s certificate using the outdated “MD5 with RSA” signing method. Copy that signature on to your home-made amazon.com certificate to create a fake certificate for Amazon that will be accepted by any browser. # 30th December 2008, 3:27 pm

Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited. # 16th December 2008, 8:26 pm

Yahoo! yesterday launched their new development platform for My Yahoo! and Yahoo! Mail, which uses Caja to protect users from malicious gadgets. This means Caja suddenly got 275,000,000 users. Wow! I guess this makes Caja the most widely used capability language ever.

Ben Laurie # 16th December 2008, 4:33 pm

Now You Can Sign Into Friend Connect Sites With Your Twitter ID. Great. Now even Google is asking me for my Twitter password. Slow clap. How’s that Twitter OAuth beta coming along? # 15th December 2008, 5:20 pm

Warcraft account security. Apparently Blizzard have been selling two factor authentication key fobs for World of Warcraft for about six months. # 6th December 2008, 9:52 am

Secret Geek A-Team Hacks Back, Defends Worldwide Web. Wired’s take on the story of Dan Kaminsky’s breaking-the-internet DNS vulnerability. Horrible headline. # 3rd December 2008, 11:10 am