Let’s face it. We’re all losing the password length arms race. Today’s GPUs can process two teraflops (a trillion floating-point operations per second), which means that my nephew’s high end gaming PC has roughly the same processing power as a multi-million dollar super computer did ten years ago. Thanks to the power of the GPU [...]
Browsing Posts in Security
Today’s featured website: European Visa Online I visited this site for the first time today and was greeted with this page. Seriously? In case you’re curious, I’m running firefox 3.6.3. Web developers and designers have scorned and mocked IE 6 for years now due to hoards of bugs and non-compliant behavior that cause endless development [...]
What happens when you mix one of the most evil things in music with the evil that is cross-site scripting? Let’s just say that the potential for shenanigans is endless. Observe the result of entering the following embed tag into an editable column for one of our internal web apps. 1: <embed src=”http://www.youtube.com/v/XZ5TajZYW6Y&hl=en_US&fs=1&rel=0&autoplay=1″ type=”application/x-shockwave-flash” width=”640″ [...]
It appears as though I made a rather bone-headed mistake when configuring Subversion at work a few weeks ago. Since we were not exposing our SVN server externally and decided that sending our code files in plain text across our internal network did not represent a significant security risk, we opted to not use SSL as a [...]
Keeping track of my passwords has been a nagging problem for me for a long time, but I only recently got around to doing something about it. I’m ashamed to admit it, but up until now I’ve relied on a few popular but extremely insecure strategies to manage my various online identities. Reusing passwords – [...]
