Tag: security

How I Lost My $50,000 Twitter Username

This is blatantly terrifying. Many times, when the average person thinks about “hackers”, they think of the persona portrayed by Hollywood and the media. Many times that persona is wiped away when you read even slightly detailed stories about modern security compromises that happen and the explanations behind them. You get just a small glimpse […]

Posted: January 29, 2014

Data Sanitization and Validation With WordPress

WordPress, while often miscategorized as an insecure platform, has a ton of extremely useful data sanitization functions we can utilize while building themes and plugins. Yes, it’s a bit of extra work, but it’s super important. This article outlines quite a few use cases and targeted responses that likely occur on every one of our […]

Posted: January 16, 2013

I Wrote Some Really Dangerous Code

I Wrote Some Really Dangerous Code | Pippins Plugins. I love articles like this. There’s a ton of honesty here and it’s what makes the information conveyed all the more valuable. I think we can all agree that we’ve caught errors just like the author of this piece. It’s a gut-wrenching learning experience. Articles like […]

Posted: November 21, 2012

Lessons in website security anti-patterns by Tesco

Troy Hunt: Lessons in website security anti-patterns by Tesco. This website has very quickly become one of my favorites. The detail and effort put into each of the author’s posts is inspiring, and I really like his writing style. I’ve linked to a number of his recent articles surrounding security best practices, and here’s another […]

Posted: July 30, 2012

Everything you ever wanted to know about building a secure password reset feature

Troy Hunt: Everything you ever wanted to know about building a secure password reset feature. This is beyond in depth. While the article title might at first look like link bait, this author completely follows through on the claim and it’s impressive. In my experience perhaps the most lax implementation of password recovery is simply […]

Posted: July 24, 2012

The Secure Programmer’s Pledge

ircmaxell’s blog: The Secure Programmer’s Pledge. A great reminder about what punch list to keep in mind when building your projects. There are plenty of details to explore for each item in The Secure Programmer’s Pledge but this list alone gives you plenty to work from and lots to trigger additional areas to explore as […]

Posted: July 17, 2012

Here’s why we keep getting hacked

Troy Hunt: Here’s why we keep getting hacked – clear and present Billabong failures. This is a really interesting (and in depth) look at various attack vectors potentially used in any number of the recent password leak outbreaks we’ve been reading about for the past few months. XSS is fascinating to me; I’m quite inspired by those […]

Posted: July 17, 2012

Storing Passwords Securely

Storing Passwords Securely. Given the recent LinkedIn fumble I’m in agreement that it’s a great reminder to refresh our memories on proper security practices. I don’t claim to be any sort of security expert which is likely why I’m linking to articles on the topic all the time instead of writing them, but I do […]

Posted: June 07, 2012

Md5crypt Password scrambler is no longer considered safe by author

Md5crypt Password scrambler is no longer considered safe by author — PHK’s Bikeshed. MD5 hashes are still used prevalently today for password storage, even though we’ve been told time and time again that there are easily accessible alternatives we should be using. Sure, many times the implementations are salted, but even so, the author himself […]

Posted: June 07, 2012

A Tale of Two Pwnies Part 1

Chromium Blog: A Tale of Two Pwnies Part 1. This is beyond impressive to me. Articles like these remind me just how much smarter the rest of the world is than me. A short time ago, Google hosted a browser hacking competition for Chrome. Within 24 hours, two people were successful in exploiting the browser, […]

Posted: May 23, 2012