Thursday, May 29th, 2008
Web developer Aza Raskin knows we visit Digg, Del.icio.us, Reddit and Facebook without even having to ask.
No, he isn't employing privacy violating hackery, but he is exploiting a "cute" information leak in CSS that traditionally displays visited links differently than those that have yet to be visited. By loading in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 30th, 2008
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Wednesday, April 23rd, 2008
Malware authors will often have their files display something to the user so that they actually believe the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 16th, 2008
Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks.
Symantec confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 ...
Posted in Coding, Internet, Security, Windows | No Comments
