Getting free gigabytes of secure online storage... by cleaning trash


For a few years now I've been using Wuala as my online storage of choice, mainly because of its security-related features. Recently it approached the limit of my purchased space...

Invitation to take part in the seminar "Cyberspace Protection Policy"

ISSA Polska has taken under its patronage a seminar devoted to the "Cyberspace Protection Policy"; we cordially invite you to take part in it. Admission is free.

Polemic - Unizeto on electronic signatures

Below I publish in full the response of Tomasz Litarowicz of Unizeto to my article from a month ago, which was in turn a commentary on Mr. Litarowicz's article in Computerworld.

Do Not Track (DNT) tutorial for Django


The Do Not Track (DNT) HTTP header is already supported by many browsers, but it was not really clear what it is supposed to do apart from expressing the user's preference not to be tracked. I think it may help to demonstrate this with an example.

Content Security Policy 1.1 kicking off

While support for the "standard" Content Security Policy is not really consistent among browsers, elements of CSP 1.1 are starting to appear in the wild.

Most common attacks on web applications

This page collects the most currently known quantitative data sets on web application attack methods, gathered as a result of (and as an addendum to) a discussion on the new OWASP Top 10 in early 2013. Note that these data sets are sometimes of very different nature and often cannot be directly compared. Nonetheless, I strongly believe that in most cases they give a pretty good picture of how applications are attacked in real life.

The growing popularity of electronic signatures

In a recent article published in Computerworld, a representative of Unizeto says that "interest in e-signatures is growing all over the world". Is that really so?

If you see BEGIN PGP SIGNED then your email program is broken


XKCD has posted a nice cartoon that demonstrates a fundamental flaw in how security experts treat those whom they should protect — the end users.

The mess with X-Frame-Options: ALLOWALL

Seemingly a quite new invention, the X-Frame-Options value "ALLOWALL" comes amid the standardization process of the X-Frame-Options header.

So what are the "most critical" application flaws? On new OWASP Top 10

Ongoing work on the new edition of the OWASP Top 10 gives us an opportunity to perform a reality check on the data it is based on, especially the order and importance of vulnerabilities. All that reduces to a simple question: how do we measure the "criticality" of an application issue?

Should you use MD5 and SHA-1 hashes for file integrity?

The Mandiant advanced persistent threat reports were published on a website along with MD5 and SHA-1 hashes intended... actually, to do what?

Presenting WebCookies.org

If you're looking for a quick way to list all cookies used by a specific website you should try WebCookies.org.

Confusion over AUTOCOMPLETE=OFF attributes in HTML forms


Before HTML5, the location and scope of the autocomplete attribute were not really standardized, which causes some confusion among both programmers and pentesters.

SharePoint and FrontPage Server Extensions in security scanner results


"A Web site based on SharePoint Team Services™ from Microsoft is built on top of both the Microsoft FrontPage Server Extensions" — this introduction from a Microsoft article on SharePoint sounds quite scary at first, if you know the security history of the FrontPage extensions.

Polish Trusted Profile signature reaches 100k users


In 2011 the Polish government introduced a new, simpler method of authentication for official communication with government offices — the Trusted Profile (Profil Zaufany). In 2013 it crossed the 100,000 users mark.
