security

programming languages

Programming Is Hard, Let’s Go Shopping!

A few months ago, Dare Obasanjo noticed a brief exchange my friend Jon Galloway and I had on Twitter. Unfortunately, Twitter makes it unusually difficult to follow conversations, but Dare outlines the gist of it in Developers, Using Libraries is not a Sign of Weakness: The problem Jeff was trying

By Jeff Atwood

security

Preventing CSRF and XSRF Attacks

In Cross-Site Request Forgeries and You I urged developers to take a close look at possible CSRF / XSRF vulnerabilities on their own websites. They’re the worst kind of vulnerability – very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you’

By Jeff Atwood

security

Cross-Site Request Forgeries and You

As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it’s a fairly straightforward exploit to understand. Do not allow users to insert

By Jeff Atwood

security

Protecting Your Cookies: HttpOnly

So I have this friend. I’ve told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities – dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He’s hard headed.

By Jeff Atwood

user experience

The Perils of FUI: Fake User Interface

As a software developer, tell me if you’ve ever done this: 1. Taken a screenshot of something on the desktop 2. Opened it in a graphics program 3. Gone off to work on something else 4. Upon returning to your computer, attempted to click on the screenshot as if

By Jeff Atwood

security

Open Wireless and the Illusion of Security

Bruce Schneier is something of a legend in the computer security community. He’s the author of the classic, oft-cited 1994 book Applied Cryptography, as well as several well-known cryptography algorithms. The cheeky Norris-esque design above is a reference to the actor names commonly used in examples of shared secret

By Jeff Atwood

security

Please Give Us Your Email Password

A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a great way to discover cool new places in whatever neighborhood you happen to be in. I’ve enjoyed using Yelp,

By Jeff Atwood

security

Revisiting the Black Sunday Hack

One of the most impressive hacks I’ve ever read about has to be the Black Sunday kill. Since the original 2001 Slashdot article I read on this is 99.9% quote, I’m going to do the same. I can see why they quoted so extensively; it’d be

By Jeff Atwood

authentication

OpenID: Does The World Really Need Yet Another Username and Password?

As we continue to work on the code that will eventually become stackoverflow, we belatedly realized that we’d be contributing to the glut of username and passwords on the web. I have fifty online logins, and I can’t remember any of them! Adding that fifty-first set of stackoverflow.

By Jeff Atwood

security

Your Session Has Timed Out

How many times have you returned to your web browser to be greeted by this unpleasant little notification: Your session has timed out. Please sign in again. If you’re anything like me, the answer is lots. What’s worse is that you’re usually kicked out of whatever page

By Jeff Atwood

programming languages

Core War: Two Programs Enter, One Program Leaves

Our old pal A. K. Dewdney first introduced the world to Core War in a series of Scientific American articles starting in 1984. (Full page scans of the articles, including the illustrations, are also available.) Core War was inspired by a story I heard some years ago about a mischievous

By Jeff Atwood

privacy

A Question of Programming Ethics

From the ACM Code of Ethics: As an ACM member I will 1. Contribute to society and human well-being. 2. Avoid harm to others. 3. Be honest and trustworthy. 4. Be fair and take action not to discriminate. 5. Honor property rights including copyrights and patent. 6. Give proper credit

By Jeff Atwood