security

Rate Limiting and Velocity Checking

Several things can trigger the sorry message. Often it’s due to infected computers or DSL routers that proxy search traffic through your network – this may be at home or even at a workplace where one or more computers might be infected. Overly aggressive SEO ranking tools may trigger this

By Jeff Atwood

security

Top 25 Most Dangerous Programming Mistakes

I don’t usually do news and current events here, but I’m making an exception for the CWE/SANS Top 25 Most Dangerous Programming Errors list. This one is important, and deserves a wide audience, so I’m repeating it here – along with a brief hand-edited summary of each

By Jeff Atwood

security

Dictionary Attacks 101

Several high profile Twitter accounts were recently hijacked: An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat

By Jeff Atwood

programming languages

You’re Reading The World’s Most Dangerous Programming Blog

Have you ever noticed that blogs are full of misinformation and lies? In particular, I’m referring to this blog. The one you’re reading right now. For example, yesterday’s post was so bad that it is conclusive proof that I’ve jumped the shark. Again. Apparently, according to

By Jeff Atwood

programming languages

Programming Is Hard, Let’s Go Shopping!

A few months ago, Dare Obasanjo noticed a brief exchange my friend Jon Galloway and I had on Twitter. Unfortunately, Twitter makes it unusually difficult to follow conversations, but Dare outlines the gist of it in Developers, Using Libraries is not a Sign of Weakness: The problem Jeff was trying

By Jeff Atwood

security

Preventing CSRF and XSRF Attacks

In Cross-Site Request Forgeries and You I urged developers to take a close look at possible CSRF / XSRF vulnerabilities on their own websites. They’re the worst kind of vulnerability – very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you’

By Jeff Atwood

security

Cross-Site Request Forgeries and You

As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it’s a fairly straightforward exploit to understand. Do not allow users to insert

By Jeff Atwood

security

Protecting Your Cookies: HttpOnly

So I have this friend. I’ve told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities – dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He’s hard headed.

By Jeff Atwood

user experience

The Perils of FUI: Fake User Interface

As a software developer, tell me if you’ve ever done this: 1. Taken a screenshot of something on the desktop 2. Opened it in a graphics program 3. Gone off to work on something else 4. Upon returning to your computer, attempted to click on the screenshot as if

By Jeff Atwood

security

Open Wireless and the Illusion of Security

Bruce Schneier is something of a legend in the computer security community. He’s the author of the classic, oft-cited 1994 book Applied Cryptography, as well as several well-known cryptography algorithms. The cheeky Norris-esque design above is a reference to the actor names commonly used in examples of shared secret

By Jeff Atwood

security

Please Give Us Your Email Password

A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a great way to discover cool new places in whatever neighborhood you happen to be in. I’ve enjoyed using Yelp,

By Jeff Atwood

security

Revisiting the Black Sunday Hack

One of the most impressive hacks I’ve ever read about has to be the Black Sunday kill. Since the original 2001 Slashdot article I read on this is 99.9% quote, I’m going to do the same. I can see why they quoted so extensively; it’d be

By Jeff Atwood