Protecting Your Cookies: HttpOnly
on Coding Horror
So I have this friend. I've told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities -- dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He's hard headed. He had to go and write his own HTML sanitizer. Because, well, how difficult can it be? How dangerous could this silly little toy scripting language ...
- Mone said: One point is missing: being able to access cookies via JavaScript can serve to protect against XSRF. HttpOnly cookies prevent this defense but do not prevent XSS; they 'block' (he himself mentions the holes in current implementations) only access to one piece of information among the many available to injected JavaScript. A trivial example: the attacking code can always simulate a fake login window inside a valid page...
- jmvidal said: Good tip.
- dd said: When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden.
Tyrone Georgia finance director: "We’re broke"
on Mish's Global Economic Trend Analysis
On May 7th city of Vallejo, California voted to declare Chapter 9 bankruptcy. Tyrone, Georgia could be next. The Citizen is reporting Tyrone finance director: "We’re broke". The Tyrone Town Council got a huge dose of reality Thursday night. “We’re broke,” said Finance Director Mary Sturm. Sturm said the city’s operating costs per month are $275,000 per month, but the town has only collected $53,000 in revenue this month. The economic climate has taken its toll on the town, ...
Is This the End?
on Andrew McAfee
I'm thinking about using the following two quotes and two paragraphs to wrap up my book on Enterprise 2.0. What do you think? Do the quotes capture something essential, or at least interesting, about the organizational use of emergent social software platforms? Are there better ones that I should use instead? What words from which smart people guide you as you think about the implications of the new technologies? Leave a comment, please, and let ...
Game Sites Design Survey: Examples and Current Practices
on Smashing Magazine
Written by Youri Souiah
Game websites are a little bit of a mystery. You won’t find them in the popular CSS-showcases since they are seldom fully CSS-based; however, they also rarely show up in sites that collect best Flash sites. The FWA, for example, has added only one game site this year. This is odd, because there are usually roughly hundred quality titles released each month, each with their own website. During the research I’ve ...
Enterprise 2.0 Startups - Know Your Market
on Instigator Blog
I started my first company in 1996. A couple years later that company morphed from a service business (offering web design and development services) into a product business with the launch of our web-based project management application. Those were the early years of Software-as-a-Service (SaaS). In fact, we were referred to as an ASP (Application Service Provider) back then, and the biggest hot button issues were the fact that implementing web-based / hosted solutions was ...
http://www.pr-squared.com/2008/08/actionable_listening_vs_active.html
on PR Squared
During this week’s 3rd and final Radian 6 Twebinar, the theme was “Listening.” As I prepared for my own role on the call with Chris Brogan, poring over some industry and agency examples of “good listening,” it occurred to me that there are two types of listening. There’s “Active Listening.” That’s what most savvy brands are doing. It’s mostly about Social Media Monitoring. “Quick! Somebody said something about us! Say something back!” I liken it ...
Ecommerce Strategy and the "Gun to the Head Theory"
on Marketing Headhunter.com | Recruiters for Ecommerce
CHICAGO, IL - Today I got a call from a friend who runs the online retail store of a major consumer brand. Mostly, the brand sells through department stores, but they did $24 million online last year and were budgeted to grow by 20% this year to $29 million. That was until last May, when my friend lobbied the CEO for funds to make long-overdue investments to the company's ecommerce infrastructure. The CEO had the ...
Google Insights: Search Trends Revealed
Google recently released its Insights product, which Andrew Chen describes as an insanely useful product. If you are a trendfollower or coolhunter then this is absolutely true. Be warned though, as with many things in life, you get out what you put in - read Eric Schonfeld’s take on inputting “twitter” rather than “twitter.com” for a true representation of the microblogging tool’s US coverage.
- KC said: this is cool - HT: Rand
Friendability
on ct2
Are you my friend? Should I friend you? Or you me? I have a very large backlog of inquiries on Facebook, MySpace, LinkedIn and all the rest. Deciding friendability has become a new and necessary social skill. Here is a hierarchy that works for me: Friend -- Most of the people that Facebook calls "friends" I call Acquaintances. Actual Friend -- Someone whom I've had a meal with, or has visited my home. Real Friend ...
LULZ in the mail
on Blog News · LOLCODE
LOLCODE as a lingua franca to rival XML marches on… Email marketers MailChimp have not only implemented a LOLCODE API for access to their backend, but have also released an interpreter to take advantage of the API. It introduces some interesting concepts to handle passing data via LOLCODE API calls. It's something to consider until we have our own equivalent to JSONP or the like. (Bare eval()s? DO NOT WANT!) Check ...
Quote of the Day…
Why Haven’t You Seen The Dark Knight?
on Pravda on Media, Technology, and Rebel Filmmaking
A funny article about this amazing movie can be found here.
this is why Zappos need to deliver to Australia
ANZ Technology Kick Off Data Security and PCI DSS
on The Red Room
I would like to thank Michael Ryan from Vectra Corp who presented at Oracle's Technology Summit in Sydney this week. Mike explained how PCI DSS is impacting organisations in Australia that store credit card details. Mandatory compliance will be introduced later this year around PCI; this means that organisations that have been delaying their compliance run the risk of a fine or multiple fines being issued by MasterCard or Visa. At worst merchants may lose ...
Agile 2008 Thursday and Friday Sessions to attend
...ok I'm running out of steam here, this one will have little in the way of extra notes, sorry. 8:30 - 10:00 Using Agile engineering tools and practices to achieve Organizational Change: Christian Gruber "Christian will examine these practices, their effects, and provide examples where such a grass-roots approach helped convince management to support or pilot fully agile approaches. He will also provide counter-examples and anti-patterns which can often lead to such an effort being blocked. ...
Think Design: Brand-Consumer Interaction On A Whole New Level
After interviewing Donald A. Norman, author of Emotional Design (and other great books on the topic) for my 9 Minds On Marketing eBook a few years back, I was sold on pursuing a more design-oriented way of thinking and writing. A recent BusinessWeek article by Jeneanne Rae about how P&G and “design thinking” shows that, now, even the biggest traditional brands are learning to approach business with more innovation and creativity as well. Let the ...
- KC said: important to note that a rough prototype elicits better participation & feeling of co-creation
Delicious 2.0: Who bookmarks any more?
on mathewingram.com/work
When I saw the news about the launch of Delicious 2.0, I can’t say I felt a huge wave of joy, despite the fact that I am what most people would probably consider a hard-core Delicious user, with about 10,000 webpages saved since I started using it. But not only didn’t I feel any joy at the news, I didn’t really feel anything at all. In part, that could be because the new Delicious interface ...
- KC said: yep delicious is soooo 2 years ago - I moved on ages ago
- svartling said: Yeah, me too.
- Ontario Emperor said: Originally shared by robdiana
- Wyctim said: How true, maybe I'll quit too.
- Andreas said: As the author I tend to use various sharing tools more than traditional bookmarks then use FriendFeed's search when I need to refer back to them.
xkcd: Cautionary
on xkcd.com
- alice said: Ubuntu is my gateway drug.
- Abhinav Modi said: Linux has come a long way, but such fears still persist.
- Bill said: Sorry Dave H.- hope switching to Linux hasn't been too painful!
- Brian Rowe (Sarterus) said: WAY too true
- Graham said: That was me in first year... 6 months into Linux I was up overnight tweaking kernel options.
- Ryan said: Ubuntu hurts my eyes on my laptop. I think I'm only two or three weekends away from resolving the problem.
- timmow said: I had a flatmate like this...
- Chris said: Ha, so true...