A successful first FLOSSHack

A few months ago Tim Morgan emailed the Portland OWASP chapter and suggested that we organize a meeting where everyone could get together and audit some existing software. When vulnerabilities were found we would follow the responsible disclosure life cycle and notify the maintainers before publicly disclosing. It would be a fun way to spend […]

md5verify: A script to automatically verify file integrity

I have a lot of files on my computer. Email archives, personal documents, stuff for work, photos I’ve taken…the list goes on – I’m sure most people reading this are in a similar boat. On occasion I’ve found some files to be missing or corrupt, which is disturbing but is probably something to be expected. […]

How AMO defends against XSS attacks

One of the things that gets a lot of news time these days is XSS. There are a lot of places that explain what it is and how to prevent it, but most are oversimplified or don’t provide real-world examples. I thought I’d explain a couple of the ways AMO attempts to prevent it. […]

Your signature matters (sometimes)

Some quick background for those who don’t live in Oregon: In Oregon we do our governmental voting by mail and we’re given the option of sticking a stamp on it and mailing it or dropping it off at any of the ballot drop boxes scattered around the counties. What we mail back consists of the […]

Committing to SVN securely from a web application

Verbatim is the second project I’ve been the lead on recently where the requirements included people committing to SVN as themselves via the application. At first glance this means storing the authentication tokens of the user in plain text since we’ll need to pass them along to SVN whenever they commit. I wasn’t happy with […]

Another warning option for submitting forms?

These are our current options for submitting forms in Firefox 3: I don’t know anyone that has the “I submit information that’s not encrypted” option checked. We used to prompt for submitting information that was unencrypted, next we added an option on the dialog that disabled the warning (and was checked by default), and finally […]

