Items tagged security in 2003
Blaster and the great blackout (via) Bruce Schneier writes for Salon.com # 17th December 2003, 3:10 am
Microsoft Security FAQ (via) Point your less technical friends here # 17th December 2003, 2:50 am
Nasty new IE vulnerability
Most people reading are probably aware of the common trick whereby spammers and other assorted ne’er-do-wells publish URLs with usernames that look like hostnames to fool people into trusting a malicious site—for example, http://www.microsoft.com&session%123123123@simon.incutio.com. This trick is frequently used by spammers to steal people’s PayPal accounts, by tricking them into “resetting” their password at a site owned by the spammer but disguised as PayPal.com.
[... 164 words]
Debian’s Response. Praise for Debian’s handling of their recent security incident # 9th December 2003, 3:16 am
Silly JavaScript Security. “Sorry, you do not have permission to press this key,” # 5th December 2003, 10:42 pm
High security is low security
Via Crypto-Gram, a great piece from Bruce Tognazzini about how tough security measures can actively reduce the security of a system:
[... 225 words]
Signing comments on blogs
Adrian Holovaty has implemented reserved comment names in his blog, a feature that prevents anyone apart from him from using the names “Adrian”, “Adrian H.” or “Adrian Holovaty” when posting a comment. François Nonnenmacher suggests extending the idea to allow people to “confirm” their authorship of comments on any blog using a TrackBack sent to their site that in turn causes them to be sent an alert email, which they can then use to confirm their comment. I like his idea of authentication based on URLs (email addresses are no good; they should not be publicly displayed for fear of spam harvesters) but I think I’ve come up with an alternative authentication scheme that removes the need for the user to manually confirm authorship. This is pretty complicated, so bear with me.
[... 762 words]
Hashing client-side data
Via Scott, a clever PHP technique for ensuring data sent to the browser as a cookie or hidden form variable isn’t tampered with by the user:
[... 248 words]