Content Security Policy; Great! or Wait?

A couple of days ago I had another look at Content Security Policy, a technology that allows a site to tell a browser which resources are allowed to be loaded, to protect against XSS and some other types of web application vulnerabilities. CSP was originally devised by the Firefoxians, but is in the process of being standardized […]

Follow-up Friday: Ubuntu Unity, Android security & WordPress Stats

Just a couple of small updates on previous stories to keep you posted really. We’ll start off with Ubuntu Natty Narwhal; beta 2 was released earlier today. I’ve downloaded a lot of updated packages over the last few days, so I guess I’m on the second beta as well. The Unity launcher now comes […]

Google Security says “Thanks Frank”

A few weeks ago I received the following in a mail from Google: As a small token of appreciation for helping keep Google’s users safe and secure, we’d like to credit you on our website. And indeed, yesterday my name was added to the “Honorable Mention” paragraph on Google’s Security Hall of Fame. I don’t consider […]

iGoogle Facebook gadget security flaw fixed & explained

I just received confirmation from the Google Security Team that the bug I discovered in the iGoogle Facebook Gadget, which allowed attackers to log into another user’s Facebook account bypassing all authentication, has been fixed. So now that the hole has been closed, let’s look at what was happening, shall we? The gadget uses […]

Browser choice, vacuuming & security for fathers-in-law

Being “the computer guy” in the family might be a pain in the ass sometimes, but trying to help out users that are not tech savvy can be very revealing. Yesterday my father-in-law asked me to take a look at his computer; there was something about the browser that was not right. Turned out he […]

Browser enforced web application security; IE8 safest?

With a notoriously bad reputation for security (or the lack thereof) in Internet Explorer, Microsoft claims to have invested a lot in IE8 security in general and specifically in browser enforced website security. Indeed, according to the product site, IE8: […] helps protect you from today’s threats, including malware and phishing, as well as emerging […]