Simon Willison’s Weblog

Blogmarks tagged security in 2005

Filters: Type: blogmark × Year: 2005 × security ×

Chris Shiflett: Google XSS Example (via) UTF-7 is a nasty vector for XSS. # 24th December 2005, 5:21 pm

Zero-Day Exploit Targets IE (via) Remote code execution. No patch yet; disable Active Scripting instead. # 22nd November 2005, 6:24 am

Cross-site request forgery (CSRF). Somehow this vulnerability is news to me. # 6th May 2005, 11:07 pm

Usable Security: Look Beyond the “Fundamental Conflict”. Security and usability are not conflicting goals. # 18th March 2005, 2:27 am

Not linking is not security. Ridiculous: Harvard rejects applicants who “hacked” by guessing a URL. # 8th March 2005, 8:47 pm

Schneier on Security: Cryptanalysis of SHA-1. If you want to understand the “breaking” of SHA-1, this is the place to go. Surprisingly accessible. # 19th February 2005, 3:12 pm

Internet Explorer 7. It’s been announced, but the stated focus is security and anti-phishing. No news on improved CSS. # 15th February 2005, 7:04 pm

Secure wireless email on Mac OS X. Doug Bowman’s tutorial on SSH Tunnel Manager and wireless security. # 8th February 2005, 11:20 am