In a Tree, With a Bow…

September 30, 2006

In case you were wondering what the Technosailor does on occasion during the fall, here’s an idea:

I went bow hunting this morning and as usual, saw nothing and it rained. It seems every time I go, the conditions are just not favorable. It sucks to get up at 4:30am for this. :)

[...]


Warrantless Wiretaps

September 30, 2006

Still avoiding blogging on politics, I’ll merely link instead. It’s Saturday after all. Mark nails the principles at play in the new law passed by the House to legalize wireless wiretaps without a warrant.
Republicans can call it whatever they want. All that does is make them liars, in addition to being traitors to [...]


WordPress Plugin Security: What is Dangerous?

September 28, 2006

Earlier this week, I began a series on WordPress plugin security. We established that the golden rule of web security is to check the “gateways”. That is, watch the areas of a website that an attacker can use to send data to your website. I’d like to elaborate more on this today.
WordPress support maven, Podz, [...]


Obsessed with Dark News

September 27, 2006

Our society seems to be obsessed with dark stories. The latest CNN.com news stories seem to tell the story:

Report: T.O. tried to kill himself
Police: 2 Sago Mine workers kill themselves
Opera canceled over fear of angering Muslims
Wife dead, husband running; kin scared to talk
Clouds of locusts descend on Cancun
Widow: ‘Croc Hunter’ death [...]


Confusing Digg

September 25, 2006

I had hopes that my story on the Democracy XSS exploit would make the front page of Digg. I felt it was highly important that people were aware of the problem and the best way to get eyes on the issue was via Digg. I’ve never gone through a massive Digg and expected the story [...]


WordPress Plugin Security: The Golden Rule

September 25, 2006

As promised, today I begin an open-ended series on WordPress plugin security. How do you know what is secure? What telltale signs might there be? How do you train an untrained eye on code? But before we begin, we must establish a premise.
There are many kinds of security vulnerabilities. The most common vulnerabilities today lie [...]


Understanding Implications of WordPress Plugin Security

September 23, 2006

Early last year (an eternity ago, it seems), I wrote a series on PHP security that continues to be one of the top recipients of search engine traffic. Specifically, we talked about register_globals, remote file execution and the dangers of FTP.
Yesterday, I posted details about a cross-site scripting (XSS) exploit in a popular WordPress plugin [...]


Legos

September 23, 2006

When I was a kid, I collected Lego sets. I loved building the sets (and of course tearing them down and building other things with them as well). So I had a bit of a nostalgic moment yesterday as I stopped and picked up a Lego set for my son and me to build. Really, [...]


Democracy Plugin XSS Vulnerability ALERT

September 22, 2006

Last week, Darren McLaughlin scooped a story regarding the very popular Democracy plugin for WordPress. You can read his findings about how the execution of the plugin may cause all of your site’s pages to be dropped from search engine indexes.
When it rains it pours because last week, we discovered an XSS exploit in the [...]


Why Release Software Vulnerability Details?

September 22, 2006

For more than a week now, I have been aware of a very serious security flaw in a popular WordPress plugin. When a security flaw is discovered, there are a number of steps that must be taken to defend against a malicious hacker exploiting the flaw.

Secure affected sites against such an attack.
Notify software developer of [...]


You Still Can’t Beat Old Fashioned Human Intuition (or Why Diebold is Screwed)

September 21, 2006

Who here remembers ‘hanging chads’? Anyone? Show of hands?
The election of 2000 and the uncertainty that followed election day played a great deal in dividing this country. Recounts, court rulings, hanging chads, pregnant chads (who knew guys could be pregnant?) and of course a technology-crazed society (anyone remember 1999?) played into the thrust for electronic [...]
