Steven Osborn
"I would love to change the world, but they won't give me the source code".

Archive for the ‘Security’ Category

Lamest “security” ever.

Tuesday, April 22nd, 2008

Normally I would abstain from pointing out security issues on others' websites, but since this bit of code provides absolutely no security at all, I can do so with a clear conscience. The bit of code below is from my former bank's personal account login. I quickly changed ...

Google Hax0rs

Sunday, November 25th, 2007

I noticed this interesting entry in my server's access log today. I certainly have phpMyAdmin running at that location, but you can't get the process list unless you log in.

66.249.70.89 xxxxxxxxx.com - [21/Nov/2007:13:43:18 -0800] "GET /MyAdmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=a1bb5490499a10bb493edc160625e33b&kill=49481 HTTP/1.1" 404 345 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

You can do two things at ...

Yay, I’m an Anti-Phishing Champion

Thursday, November 15th, 2007

I got an invitation to take the PayPal Anti-Phishing challenge. It's all of 5 questions long, but it's a neat way to educate users about phishing.

OpenID will save the world from Phishing (and world hunger)

Monday, October 1st, 2007

I know what you're thinking... "I thought OpenID made phishing worse!" With the current state of things this can be true. Any site can easily pose as an OpenID relier and then redirect you to a fake Identity provider that looks like yours. The good news is OpenID will ...

PayPal Security Token

Sunday, September 9th, 2007

I just got a PayPal Security Key and I've been playing with it the past few days. I have never had the privilege (or burden) of carrying a hardware token before, but I was more than willing to pay $5.00 for a new gadget that just happens to make ...