Simon Willison’s Weblog

Entries tagged security in 2007


Designing for a security breach

User account breaches are inevitable. We should take that into account when designing our applications.

[... 545 words]

Massive Dreamhost hack, WordPress not to blame

On mezzoblue, Dave Shea reports that someone had modified every index.php and index.html file on his site to include spam links at the bottom of the page, hidden inside a <u style="display: none;">. Dozens of other people in his comments reported the same thing happening to their sites.

[... 279 words]

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on misunderstandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]