AlterEgo promises two-factor authentication security without the silly key-fob. Neat.
Matt Blaze computer and information science at University of Pennsylvania and blogs about security at Exhaustive Search. His recent post on mistakes in spying techniques, protocols, and hardware caught my interest: Indeed, the recent history of electronic surveillance is a veritable catalog of cautionary tales of technological errors, risks and unintended consequences. Sometime mishaps lead […]
Most of my work is available publicly, but some development is hosted on a private SVN that’s hidden behind a firewall. Unfortunately, my primary development server is on the wrong side of that particular firewall, so I use the following command to bridge the gap: ssh -R 1980:svn_host:80 username@dev_server.com That creates a reverse tunnel through […]
A quick Google search of klaomta.com reveals more than a few people wondering why it’s iframed on their websites. The answer is that the site has been compromised. Unfortunately for the fellow who asked me the question at WordCamp, solving the problem can be a bit of a chore. Keeping your WordPress installation up to […]
WordPress 2.7 requires that plugins explicitly white list their options using a couple new functions. WordPress MU has required this security measure for a while, and it’s nice to see an evolved form of it brought to the core code. Migrating Plugins and Themes to 2.7 article in the codex offers some guidance, but here’s […]
Presidential Limos are armored, yes, but Gregg Merksamer reveals that George W. Bush’s limos sport five-inch thick glass, more than twice as thick as in Clinton’s limo. Merksamer should know, he wrote the book on so-called “professional cars”. He says half an inch is enough to stop a .44 magnum at point blank range, and […]
I’ve been pretty aware of the risks of SQL injection and am militant about keeping my database interactions clean. Mark Jaquith today reminded me about the need to make sure my browser output is filtered through clean_url(), sanitize_url(), and attribute_escape(). Furthermore, we all need to remember current_user_can(), check_admin_referer(), and nonces.
Corporate networks are defenseless against the growing threat from instant messaging, and the government warns WiFi is insecure and easily sniffed. Experts suggest we take precautions against the growing risk of p2p software that’s exposing sensitive documents and threatening national security. Businesses blame security problems on their employees, their mobile devices, and other consumer technologies. […]