Posts tagged security in 2006
How is Google giving me access to this page?
Google have an open URL redirector, so you can craft a link that uses that:
[... 35 words]
A Cost Analysis of Windows Vista Content Protection (via) Vista’s content protection is a nightmare for hardware manufacturers and consumers alike. It’s far worse than even BoingBoing readers would expect.
Rogues are very keen in their profession, and know already much more than we can teach them
Never store passwords in a database! The reddit.com developers just learnt this the hard way. It might be time to change some of your passwords.
Real-World Passwords. Random passwords phished from MySpace are surprisingly decent.
BT acquires Counterpane Internet Security (via) They just bought Bruce Schneier.
Better Metrics for Security—Understanding the Symantec Internet Security Threat Report. Mozilla defends against yet more spurious bug count reports.
Parsing XML can open network sockets (via) Yikes. Something to bear in mind.
Bruce Schneier Facts. “SSL is invulnerable to man-in-the-middle attacks. Unless that man is Bruce Schneier.”
Schneier on Security: New Airline Security Rules. “I’m sure glad I’m not flying anywhere this week” says Bruce. Now I wish I wasn’t!
On the total nondisclosure of the 8/9/06 [Rails] security vulnerability. The best argument I’ve seen in favour of full disclosure.
Rails 1.1.5: Mandatory security patch. Upgrade now, and spread the word.
Why is XSS so common? Because dev tools don’t escape things by default.
Don’t serve JSON as text/html. Another sneaky XSS trick.
Mozilla causing XSS in Livejournal. Their recent worm attack was caused by the -moz-binding CSS property.
Xanga Hit By Script Worm (in December) (via) Description of an XSS worm that hit Xanga last month.
DHS Funding Open Source Security. Paying for “source code analysis technology” coverage of Linux, Apache, PostgreSQL and more.