Tag Archives: security
sandbox(7)
Like a lot of people, most of my Unix knowledge comes from an early reading of Advanced Programming in the UNIX Environment. This is an excellent tome on the interfaces provided by the kernel to programs on a Unix system. …
Cross Site Scripting, again
Twitter all clear after worm wave Twitter has been given the all clear after a worm infected “tens of thousands of users”. But experts say the attack could have been much worse. Another day, another XSS hole. It reminds me …
Jasypt++
Once again, jasypt (“Java Simplified Encryption”) makes me smile. Java comes with a comprehensive set of encryption utilities: JCE. I had to do some decryption the other day and ended up with this code. public class Decryptor { private static …
Postfix 2.5.1 TLS on FreeBSD
This is one of those things that I have to put up there in case anybody else has the same obscure setup that I do… I run postfix on FreeBSD, using the ports system. This means I have a tendency …
Jasypt
One more little library that I’ve come to love: jasypt. It’s a simplified veneer over the top of the gargantuan java security apparatus. All I wanted to do was encrypt a String before putting it in a Cookie. BasicTextEncryptor encryptor …
Cross Site Scripting
I’ve just been listening to Security Now about Cross-Site Scripting. It makes my blood boil. No, not all the ads and endless, aimless waffling. The talk about Cross-Site Scripting (aka XSS) being a problem because code and data can be …
mod_security now switched off
Last night, I spent a long while trying to get mod_security working on this web server. Installation was simple, thanks to the FreeBSD ports system. Configuration was another matter entirely. Not having much experience of web application firewalls, I opted …
System Keychain
This morning I was trying to add a new machine to my wireless network. Unfortunately, I’d forgotten the password… To the Keychain Access batcave! Unfortunately, the “Airport network password” is stored in the system keychain, instead of my login keychain. …
Rails Security Hole
Working round the Rails showstopper. (pdcawley)++ (svk)++ I now have the fixed version of typo (soon to be 4.0.2), around an hour after it was committed. As to the whole “full disclosure” thing by the rails team? They handled it …
Rails gets sane
Some time ago, I wrote about The Wrong Defaults, explaining how nearly all templating systems for the web default to “insecure”. Well, it looks like some rails people are paying attention: Auto sanitized templates with Erubis