security

DrupalNews Episode 5: Drupal takes time off to save the economy.

In this episode: Drupal software update, drupal.org redesign almost complete, rating drupalcon submissions, and Drupal jobs stay steady.

What Is Google Hiding With Chrome?

Google has announced their web browser Chrome. Many are excited while others remain skeptical. Currently I'm both; but a recent discovery has swayed me towards skeptical. Here's why.

Captchas I Can Actually Support

I really don't like Captchas, the squiggly words that many websites use to protect forms from spam bots. Unfortunately, sometimes they are the only thing that can protect a site from clever spammers. Yesterday I heard a great story on NPR about reCaptcha, captchas that are used to crowd-source the digitizing of old print books and newspapers. If you have ever tried to use a scanner with OCR, you know that it can be pretty hit or miss.

HOWTO: Secure your SSH, SSL and OpenVPN keys generated on Debian, Ubuntu and related distributions

This is a short HOWTO guide for users (or previous-users) of Debian, Ubuntu or related distributions on how to guard themselves against the very serious vulnerability in Debian's patch to OpenSSL affecting SSH, SSL and OpenVPN that was disclosed early last week. I know that many Drupal developers are Ubuntu users (though certainly second in number to the OS X users!) so I am adding this to the planet as a PSA!

Google's Friend Connect vs. Your Privacy

Google is announcing Friend Connect tonight, a service advertised to "help website owners grow traffic by enabling any site on the web to easily provide social features for its visitors." Friend Connect employs OpenID and OAuth, which is a good start, but how it puts them together is lacking vision and, disturbingly, may raise significant privacy concerns.

Way We Work: Managing Passwords

Are you using the same password for any of your Web site logins? I certainly hope not! For those who value security and want to keep all those truly-distinct passwords safe in one place, I highly recommend Keepassx.org. This program is completely free, licensed under the GPL, and works on GNU/Linux, Mac and Windows.

Jikto is coming

Seems Billy Hoffman has developed something of an XSS trojan which uses your browser to launch attacks, and log information. It sounds quite scary from the press I've read, but specifics do not seem very consistent. Here is something from the Bio page on ShmooCon where this will be demo'd (but not released):

The 59 Top Influencers in IT Security

43. Solar Designer Alexander Peslyak (aka Solar Designer) is a Russian security expert known for his exploitation techniques and security audit tools. He is the founder of the Openwall Project, which has designed a security rich operating system for servers. ref: http://www.itsecurity.com/features/top-59-influencers-itsecurity-031407/ Solar Designer leads our ASP Technology team and helps to ensure that our servers, which run the latest Openwall version of Linux, stay secure.

War Driving, WiFi and Packet Sniffing

At CivicActions we know all about open WiFi networks, and I often get asked by friends about "internet security" and specifically, how secure their activities are when they are on open networks. David Pogue covered the issue in his column today. While he believes his wifi traffic is not worth snooping ("Frankly, I consider the details of my life so boring to other people that I really couldn’t care less. I’ve got nothing to hide, so why not accept it?") he disabused his readers of any notion that their WiFi traffic was generally safe from snooping eyes.