With the proliferation of web frameworks available to application developers these days, I'm surprised there are not more frameworks like this one. HDIV (HTTP Data Integrity Validator) is a framework that sets out to protect web applications from common vulnerabilities, and to do so in a non-invasive way.
There is a new OpenID identity provider on the scene with an interesting twist: it offers its users a new way to remember their password, using inkblots! When you sign up for an identity you are shown a series of inkblots; for each one you record the first and last letters of the word you associate with it, and those letters become part of your password. For instance:
This is the best e-Commerce site I've seen in a while. Whatever you do, don't touch the blue cup!
Carnegie Mellon University recently released an online Flash-based teaching game that trains users to recognize and avoid phishing scams. This could be a good tool for company administrators who need to raise awareness about phishing. Can you avoid getting hooked?
I ran across this website today and thought it was one of the best (and funniest) applications built on Google Maps I've seen. Enjoy.
This article outlines an interesting side effect of how favorites are implemented. To make favorites easier to reach, IE lets you type the name of a favorite into the address bar and takes you straight to it. The problem: what if the name of your favorite is 'www.ebay.com'? Can you guess what happens? You got it: typing www.ebay.com into the address bar takes you to the favorite, wherever it points, rather than to everyone's favorite e-commerce site. So a favorite whose name looks like a hostname but whose target is somewhere else silently redirects anyone who types that hostname. This only works if the favorite is at the root of your favorites folder, and only in IE.
Try it out:
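The check a practitioner would want is a scan of the Favorites folder for entries whose name looks like a hostname but whose target is a different host. The following is an added example, not code from the article; it assumes Windows Internet Shortcut (.url) files, which are INI-style with a `[InternetShortcut]` section and a `URL=` key, and the sample favorites it writes to a temporary folder are constructed for the demonstration.

```python
"""Scan a Favorites folder for .url entries whose name looks like a hostname
but whose target is a different host.  Added example, not the article's code."""
import configparser
import os
import re
import tempfile
from urllib.parse import urlparse

# A favorite *name* that itself looks like a hostname, e.g. "www.ebay.com"
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)

# Constructed sample .url files (Windows Internet Shortcut format).
# The first entry is the article's trick: named like eBay, pointing elsewhere.
SAMPLE_FAVORITES = {
    "www.ebay.com.url": "[InternetShortcut]\nURL=http://signin.ebay-lookalike.test/signin\nIDList=\n",
    "eBay.url": "[InternetShortcut]\nURL=http://www.ebay.com/\n",
    "www.example.com.url": "[InternetShortcut]\nURL=http://www.example.com/\n",
}


def parse_url_text(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp.get("InternetShortcut", "URL", fallback=None)


def parse_url_file(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_url_text(fh.read())


def suspicious_favorites(favorites_dir):
    """Return [(name, target)] for root-level .url favorites whose name looks
    like a hostname but whose target hostname is not that name."""
    findings = []
    for entry in sorted(os.listdir(favorites_dir)):
        base, ext = os.path.splitext(entry)
        if ext.lower() != ".url" or not HOSTLIKE.match(base):
            continue
        target = parse_url_file(os.path.join(favorites_dir, entry))
        host = (urlparse(target).hostname or "") if target else ""
        if host.lower() != base.lower():
            findings.append((base, target))
    return findings


def demo():
    """Write the constructed samples to a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE_FAVORITES.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return suspicious_favorites(d)


if __name__ == "__main__":
    for name, target in demo():
        print(f"favorite {name!r} hijacks the typed host -> {target}")
```

On a real machine point `suspicious_favorites` at the user's Favorites directory; only the root of that folder matters, since the article notes subfolders do not trigger the behaviour.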
A couple of months ago I went to a presentation on OpenID and was initially impressed. OpenID is a system for common sign-on (as opposed to single sign-on) across the internet. The idea is that you have one userid/password that all sites use to authenticate you. The userid is a URL; the site you are logging into fetches that URL and inspects it to discover which OpenID provider the credential is associated with. For instance, an OpenID could be:
http://jsmith.myopenid.com (not mine!)
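To show how a relying party gets from an identifier URL to a provider, here is an added example (not code from the post or from any OpenID library) of the HTML-based discovery step: the identifier page carries `<link rel="openid.server">`/`openid.delegate` (OpenID 1.x) or `openid2.provider`/`openid2.local_id` (OpenID 2.0) tags, and the relying party parses them. The two identifier pages and the provider hostnames below are constructed for the demonstration. Note the security implication: whoever can edit the page at the identifier URL decides which provider gets to vouch for that identity.

```python
"""OpenID HTML-based discovery from an identifier page.  Added example; not
the original post's code.  Pages and provider URLs are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: what a relying party might fetch from http://jsmith.myopenid.com/
SAMPLE_IDENTIFIER_PAGE = """<html><head><title>jsmith</title>
<link rel="openid.server" href="http://provider.example/server">
<link rel="openid.delegate" href="http://jsmith.provider.example/">
<link rel="openid2.provider" href="http://provider.example/server">
<link rel="openid2.local_id" href="http://jsmith.provider.example/">
</head><body>my page</body></html>"""

# Constructed: an identifier page that only speaks OpenID 1.x
SAMPLE_V1_PAGE = """<html><head>
<link rel="openid.server" href="http://legacy.example/openid">
</head></html>"""


class _LinkCollector(HTMLParser):
    """Collect <link rel=... href=...> pairs; the first occurrence of a rel wins."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rel, href = a.get("rel"), a.get("href")
        if rel and href:
            for r in rel.split():  # a rel attribute may hold several tokens
                self.links.setdefault(r.lower(), href)


def normalize_identifier(user_input):
    """Turn what the user typed into the canonical identifier URL to fetch."""
    s = user_input.strip()
    if not s.lower().startswith(("http://", "https://")):
        s = "http://" + s
    p = urlparse(s)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"


def discover(html):
    """Return (provider_endpoint, local_id), preferring the OpenID 2.0 link
    names and falling back to the 1.x ones.  Raises ValueError if none found."""
    c = _LinkCollector()
    c.feed(html)
    endpoint = c.links.get("openid2.provider") or c.links.get("openid.server")
    if not endpoint:
        raise ValueError("no OpenID provider <link> in identifier page")
    if urlparse(endpoint).scheme not in ("http", "https"):
        raise ValueError(f"provider endpoint is not http(s): {endpoint}")
    local_id = c.links.get("openid2.local_id") or c.links.get("openid.delegate")
    return endpoint, local_id


if __name__ == "__main__":
    print(normalize_identifier("jsmith.myopenid.com"))
    print(discover(SAMPLE_IDENTIFIER_PAGE))
```

The fetch of the identifier URL itself is left out so the example runs offline; in a real relying party that fetch should follow redirects carefully and record the final URL, since the identity the user ends up with is the one the provider asserts, not necessarily the one they typed.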
I've been asked on several engagements how best to pick security questions. Picking security questions is one of the most important tasks when designing the security of your website or application. Because these questions are a form of authentication, they should be treated with the same care as passwords. The wrong questions can let an attacker gain access to your site with little effort.
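One concrete consequence of "treat them like passwords" is how the answers are stored and checked. The following is an added example, not code from the post: answers are canonicalized (so spelling and punctuation differences do not lock the real user out), hashed with a per-answer salt and a work factor, compared in constant time, and guarded by an attempt counter, since answers drawn from small spaces (pet names, birth cities) are cheap to guess online. The iteration count and lockout threshold are assumed values.

```python
"""Store and check security-question answers the way passwords are stored.
Added example, not from the original post."""
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)


def normalize_answer(answer):
    """Canonicalize free-text answers so "St. Mary's" and "st marys" compare
    equal: strip accents, lower-case, drop punctuation, collapse whitespace."""
    s = unicodedata.normalize("NFKD", answer).encode("ascii", "ignore").decode()
    s = "".join(ch for ch in s.lower() if ch.isalnum() or ch.isspace())
    return " ".join(s.split())


def enroll_answer(answer, salt=None, iterations=ITERATIONS):
    """Return the record to persist: per-answer salt, work factor, digest."""
    canonical = normalize_answer(answer)
    if not canonical:
        raise ValueError("answer is empty after normalization")
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_answer(record, candidate):
    """Recompute the digest for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", normalize_answer(candidate).encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


class AnswerChecker:
    """Verification with a per-account failure counter (assumed threshold)."""

    def __init__(self, records, max_attempts=5):
        self.records = records          # question_id -> record from enroll_answer
        self.max_attempts = max_attempts
        self.failures = 0

    def check(self, question_id, candidate):
        if self.failures >= self.max_attempts:
            return False                # locked: require another recovery path
        ok = verify_answer(self.records[question_id], candidate)
        self.failures = 0 if ok else self.failures + 1
        return ok


def demo_lockout():
    """Three wrong guesses lock the account; the right answer is then refused."""
    records = {"q1": enroll_answer("Fluffy", iterations=20_000)}
    checker = AnswerChecker(records, max_attempts=3)
    return [checker.check("q1", guess) for guess in ("Rex", "Spot", "Max", "Fluffy")]


if __name__ == "__main__":
    rec = enroll_answer("St. Mary's")
    print(verify_answer(rec, "st marys"), verify_answer(rec, "st pauls"))
    print(demo_lockout())
```

Normalization is a deliberate trade-off: it shrinks the answer space slightly, but a recovery question whose real owner cannot answer it is worse than useless, and the attempt counter, not the answer's entropy, is what limits online guessing.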