More insecurity at The New York Times. Glad I already unsubscribed. As mentioned here earlier, NYTimes.com does not protect the user's data it has. It doesn't even protect it's employees and sources data. As I have said before: front end insecurity (i.e. XSS vulnerablities) can foretell more insecurities throughout the organization. If a company doesn't keep up-to-date on security measures currently available, it can't be trusted with your data.
Tech in the country. Programming & Technology inovations.
Wednesday, February 27, 2002
Wednesday, February 20, 2002
Tuesday, February 19, 2002
Wednesday, February 13, 2002
Microsoft Passport / IM Virus Sweeps Net. I suggest you go offline if you are running MS Instant messenger. This virus travels through the hole in IE and accesses your Passport email address, sends the virus link to all your buddies and sends your email off to who knows where!
Tuesday, February 12, 2002
Futurama got canceled? - Oh no!!! That's one of the few shows I watch! I'll have no reason to watch fox anymore. Write your fox person if you want it to stay on the air.
Friday, February 08, 2002
Execution of exe via HTML in IE 5.5 and 6.0 has been found. This is quite a security hole if true. While quite a complex seeming attack involving js and loading of temporary files, attack code could be small 500byte file.
Thursday, February 07, 2002
CSS problems in pop servers, which then make the whole domain insecure. One can force a web browser to send commands to a POP (mail) server. The POP server of course was never meant to be CSS safe. Time to put a fix in the browser? I've been telling MS for months. Update: Let's call Cross Site Scripting XSS from now on.
Developers wanted! It seems that the economy is starting to turn around and companies are melting their hiring freezes. The one I work for is currently looking to hire two dozen folks. If you can program java, work in NJ and be able to handle a regular workday, let me know!
Monday, February 04, 2002
Microsoft .NET has CSS holes!! This couldn't be worse if you actually want to keep your data secure. Like I said before. DON'T TRUST MICROSOFT WITH YOUR DATA!!! If you do, you are an idiot. Really. Oh, yeah, and microsoft.com has holes as well, and I told them about MONTHS ago. Maybe they will spend this month closing this hole, but you can believe they won't get all of them.
Saturday, February 02, 2002
NewsBytes: Top News Sites Close Script Hacking Hole discusses the "subversion of information attacks" that are possible with Cross Site Scripting. Covering the holes in nytimes, msnbc and washingtonpost.com.