Simon Willison’s Weblog

Items tagged security in 2006

How is Google giving me access to this page?

Google have an open URL redirector, so you can craft a link that uses that:

[... 35 words]

A Cost Analysis of Windows Vista Content Protection (via) Vista’s content protection is a nightmare for hardware manufacturers and consumers alike. It’s far worse than even BoingBoing readers would expect. # 24th December 2006, 10:34 am

Rogues are very keen in their profession, and know already much more than we can teach them

The Construction of Locks # 19th December 2006, 8:55 am

Never store passwords in a database! The developers just learnt this the hard way. It might be time to change some of your passwords. # 16th December 2006, 12:01 am

Real-World Passwords. Random passwords phished from MySpace are surprisingly decent. # 14th December 2006, 2:14 pm

BT acquires Counterpane Internet Security (via) They just bought Bruce Schneier. # 25th October 2006, 10:57 am

Better Metrics for Security—Understanding the Symantec Internet Security Threat Report. Mozilla defends against yet more spurious bug count reports. # 27th September 2006, 9:54 am

Parsing XML can open network sockets (via) Yikes. Something to bear in mind. # 18th August 2006, 2:27 pm

Bruce Schneier Facts. “SSL is invulnerable to man-in-the-middle attacks. Unless that man is Bruce Schneier.” # 17th August 2006, 2:19 pm

Schneier on Security: New Airline Security Rules. “I’m sure glad I’m not flying anywhere this week” says Bruce. Now I wish I wasn’t! # 10th August 2006, 4:26 pm

On the total nondisclosure of the 8/9/06 [Rails] security vulnerability. The best argument I’ve seen in favour of full disclosure. # 10th August 2006, 2:53 pm

Rails 1.1.5: Mandatory security patch. Upgrade now, and spread the word. # 9th August 2006, 8:55 pm

Why is XSS so common? Because dev tools don’t escape things by default. # 2nd August 2006, 8:57 pm

Don’t serve JSON as text/html. Another sneaky XSS trick. # 5th July 2006, 11:46 pm

Mozilla causing XSS in Livejournal. Their recent worm attack was caused by the -moz-binding CSS property. # 22nd January 2006, 9:37 pm

Xanga Hit By Script Worm (in December) (via) Description of an XSS worm that hit Xanga last month. # 21st January 2006, 8:47 pm

DHS Funding Open Source Security. Paying for “source code analysis technology” coverage of Linux, Apache, PostgreSQL and more. # 17th January 2006, 10:18 pm