networking
Do you remember when a router used to be an exotic bit of network kit? Those days are long gone. A router is one of those salt-of-the-earth items now; anyone who pays for an internet connection needs a router, for: 1. NAT and basic hardware firewall protection from internet evildoers
security
Kyle Brandt, a system administrator, asks Should Developers have Access to Production? A question that comes up again and again in web development companies is: “Should the developers have access to the production environment, and if they do, to what extent?” My view on this is that as a whole
security
In my previous post, Url Shorteners: Destroying the Web Since 2002, I mentioned that one of the “features” of the new generation of URL shortening services is to frame the target content. Digg is one of the most popular sites to implement this strategy. Here’s how it works. If
security
In Why Isn’t My Encryption... Encrypting? we learned that your encryption is only as good as your understanding of the encryption code. And that the best encryption of all is no encryption, because you kept everything on the server, away from the prying eyes of the client. In The
security
In Why Isn’t My Encryption... Encrypting?, many were up in arms about the flawed function I posted. And rightfully so, as there was a huge mistake in that code that just about invalidates any so-called “encryption” it performs. But there’s one small problem: I didn’t write that
encryption
It’s as true in life as it is in client-server programming: the only secret that can’t be compromised is the one you never revealed. But sometimes, it’s unavoidable. If you must send a secret down to the client, you can encrypt it. The most common form of
security
I received this anonymous email a few days ago: I found what one could call a security hole in Stackoverflow. I’m curious enough to go digging around for holes, but too ethical to actually do anything with them. However, I’m afraid that by pointing it out I’ll
security
Inside the Precision Hack is a great read. It’s all about how the Time Magazine World’s Most Influential People poll was gamed. But the actual hack itself is somewhat less impressive when you start digging into the details. Here’s the voting UI for the Time poll in
security
Lately, I’ve been seeing these odd little signs pop up in storefronts around town. All the signs have various forms of this printed on them: Only 3 students at a time in the store please We took that picture at a 7-11 convenience store which happens to be near
security
I don’t usually do news and current events here, but I’m making an exception for the CWE/SANS Top 25 Most Dangerous Programming Errors list. This one is important, and deserves a wide audience, so I’m repeating it here – along with a brief hand-edited summary of each
security
Several high profile Twitter accounts were recently hijacked: An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat
programming languages
Have you ever noticed that blogs are full of misinformation and lies? In particular, I’m referring to this blog. The one you’re reading right now. For example, yesterday’s post was so bad that it is conclusive proof that I’ve jumped the shark. Again. Apparently, according to