Monday, May 5th, 2008 Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 30th, 2008 If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...
Posted in Coding, Internet, Security | No Comments
Wednesday, April 23rd, 2008 Malware authors will often have their files display something to the user so that they actually believe the file is legitimate. Many of us have experienced such tricks, including fake errors stating that a specific file could not be found or that the application failed to load properly. Today we ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 16th, 2008 Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks.
Symantec confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 ...
Posted in Coding, Internet, Security, Windows | No Comments
Wednesday, April 16th, 2008 About one percent of the Internet web pages are being changed in transit, sometimes in a harmful way, according to researchers at the University of Washington.In a paper, set to be delivered Wednesday, the researchers document some troubling practices. In July and August they tested data sent to about 50,000 ...
Posted in Coding, Internet, Privacy, Security | No Comments
