software development, security, opinion
Archive for the ‘LINKS’ Category.
IE-6 privacy solution backfires. “The privacy features added in IE6 to help protect a user’s privacy by giving them direct control over cookie management allows any site to read any other site’s cookies, in effect removing all privacy. Further, this hole extends to other protocols, allowing you to execute arbitrary commands on the user’s machine as well as take over MSN Messenger,” Larholm told us. [The Register]
See also
SQL Security:
the web site,
and
the slide show.
Adam Bosworth (BEA): “Loose coupling is central to the nature of Web services-based application integration. That’s why it seems to me that the right model for XML in Web services is a message-oriented, document-based one rather than one based on remote procedure calls.”
[Scripting News]
Security Review of 802.11b: an excellent rundown by the author of a recent O’Reilly & Associates book on 802.11b.
Sean McGrath speaks to the dark side of XML tagging in this cogent article. He’s right. When the people who are making the dogfood don’t have to eat it, there’s bound to be trouble.
For example:
“In XML land, not only are the equivalent of “global variables” created with wild abandon, but their creators often see fit to invoice based on the number they create for you. An unfortunate schism exists in XML software development between the team that develops the schema and the team processing the XML that conforms to the schema. Too often, these are not the same teams.”
Chronicle of Higher Ed:
Virginia Tech Police Seize and Search a Professor’s Computer in Vandalism Case
Cracks in the Firewall. Business Week Apr 8 2002 11:58PM ET [Moreover – Computer security news]
Richard Smith via NTBugTraq:
Internet Explorer SuperCookies bypass P3P and cookie controls
There is a significant privacy problem with Internet Explorer
because of a design flaw in the Windows Media Player (WMP). Using
simple Javascript code on a Web page, a Web site can grab the
unique ID number of the Windows Media Player belonging
to a Web site visitor. This ID number can then be used just
like a cookie by Web sites to track a user’s travels around
the Web.However this ID number becomes a SuperCookie because it can be used
by Web sites to bypass all of the new privacy and P3P protections
that Microsoft has added to Internet Explorer 6 (IE6). IE6 ships
today with all Windows XP systems. SuperCookies also work in all
previous versions of Internet Explorer with all older versions of
Windows.
You are currently browsing the archives for the LINKS category.
