Simon Willison’s Weblog

Blogmarks tagged security in Jan, 2007

Filters: Type: blogmark × Year: 2007 × Month: Jan × security ×


MySpace Allegedly Kills Computer Security Website. No need for the allegedly; it’s been confirmed. MySpace got GoDaddy.com to redirect DNS for seclists.org after a list of phished user accounts posted to the full disclosure mailing list list was archived there. # 26th January 2007, 9:57 am

The NHL’s All-Star voting disaster. The NHL ran an online poll to decide which players are picked for their All-Star Game. The only authentication was a poorly implemented CAPTCHA. Unsurprisingly, it got gamed. # 19th January 2007, 9:50 am

MySpace: Too Much of a Good Thing? CSS customization really was just the result of forgetting to strip HTML. They “eventually” decided to filter out JavaScript(!) # 17th January 2007, 9:09 am

Details of Google’s Latest Security Hole. For a brief while you could use Blogger Custom Domains to point a Google subdomain at your own content, letting you hijack Google cookies and steal accounts for any Google services. # 14th January 2007, 1:36 pm

The Adobe PDF XSS Vulnerability. If you host a PDF file anywhere on your site, you’re vulnerable to an XSS attack due to a bug in Acrobat Reader versions below 8. The fix is to serve PDFs as application/octet-stream to avoid them being displayed inline. # 11th January 2007, 4:23 pm

Choosing Secure Passwords. Bruce Schneier describes the state of the art in password cracking software. # 11th January 2007, 2:55 pm