Category: Security
Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP
Though, to be fair, you probably shouldn’t be using display_errors on a production site.
codahale.com – A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals)
Nice intro to timing attacks along the way.
Identity at Mozilla – How BrowserID differs from OpenID
Some really impressive work from the team at Mozilla, definitely simpler to get started with and use than OpenID, and it eliminates the “which OpenID provider did I use for this site?” problem.
Freedom to Tinker – New Research Result: Bubble Forms Not So Anonymous
Even something as simple and low tech as bubble forms can’t be totally anonymous.
BBC News – US airports still vulnerable to attacks, says lawmaker
The TSA is so effective it’s ineffective.
LATimes – Implanted bombs: TSA warns of possible terrorist threat of bombs implanted in people
The threats will continue to magically appear until we all fear everything and give up every sense of privacy and self-respect to the TSA to implement rules and procedures that do nothing to solve the real problem.
Schneier on Security – Yet Another “People Plug in Strange USB Sticks” Story
Have to agree with Bruce Schneier: the problem isn’t people plugging a device into their computer when they have no reason to suspect harm from it.
Should I Change My Password?
I’m safe, at least at the moment. How about you?
Throwing Fire – LastPass Disclosure Shows Why We Can’t Have Nice Things
Even the technology journalism sites can’t get things right on occasion.
BBC News – Jihadists use mobiles as propaganda tools
What a stupid article. If it was the 1980s, we would all be as isolated as if it was the 1980s.