The link pages on this site are a simple dump of my pinboard bookmarks. This allows me to search them from this site and ensures I have a backup, but it remains much easier to browse them on the pinboard site (via previous link). Btw, I highly recommend pinboard. They provide simple no-nonsense functionality, the pinboard blog is refreshingly honest and their support is quick, friendly and helpful. It's well worth the small cost. And in case you're wondering, I am not affiliated with pinboard in any way - I just like the cut of their jib!
Links tagged with 'security'
Antivirus news. This site periodically releases comparison tests of antivirus programs (on Windows at least).
A guide on developing secure web applications from the Open Web Application Security Project.
A javascript library that can handle large numbers and do RSA encryption in the browser.
Marc Tobias' blog on engadget about lock security. He's a lock picking expert, amongst (many) other things.
Marc Tobias' blog about lock security. He's a lock picking expert, amongst (many) other things.
Online test to see whether your mail server is an open relay hence open to abuse.
Don't trust any software unless you (or others) have read the source.
Wordpress, the blogging platform, is not very secure in comparison to other platforms. This is not a surprise given its popularity.
An informative Ruby on Rails security presentation.
Article about file permissions with Apache.
Ditch IE.
A very good, to the point article on securing SSH.
A blog about identity on the web, by Dick Hardt (yes, really!), one of the leading authorities on the subject.
How to communicate with your server from the client using javascript. The article includes mention of which browsers support things like adding iframes and scripts.
Did you know that your history can be seen by a 3rd party site, using a CSS hack that doesn't require any Javascript? Here's the test page. Don't go there if you don't want to see it work!
A nice introduction to secure distributed computing with a capabilities system, from the E wiki (E is an object-capability language).
An example of javascript hijacking with details on how to protect yourself.
Prevent cross site request forgery (CSRF) with formkeys, aka one-time tokens - much like a capability based security system.
A great idea for a standard to secure distributed web services using existing technologies.
Overview of some basic, though prevalent, security threats to web-based distributed computing. (Watch out for the subtitles - an unfortunate consequence of having an American interpreting an Englishman - e.g. "HTTP version" => "Hasty e-version")
Covers many (hopefully most) issues with Javascript security and how to deal with them.
Why you should be very wary of bookmarklets.
Description of the 2005 javascript myspace worm, which illustrates how you can get around security controls with a keen mind and perseverance.
Information about cross-site request forgeries and how to prevent them.
Session riding and how to avoid it using tokens.
Advice for writing non-intrusive, secure javascript for things like web badges or bookmarklets.
Essential to stop spam if you own a domain.
Why asking your site users for passwords to third party sites is wrong.
Some simple steps to make Apache more secure, e.g. to prevent Apache accidentally serving php code as plain text.
A useful checklist for Ruby on Rails application security.
A video giving a high level explanation of how the OpenID protocol works with Ruby.
A machine readable format for expressing privacy practices, for use on websites so that browsers can interpret the information and automate privacy-related decisions, e.g. no need to read a privacy policy if the browser can interpret a website's intention.
Great article on OpenSSH. First part of a 3 part series.
Why Windows handling of filenames containing spaces is dangerously bad.
How to code destructive links in Ruby on Rails (i.e. use button_to rather than link_to).
As well as offering Internet services, they provide research data and analysis on many aspects of the Internet.
Test whether you're using the Tor anonymity proxy or not.
How to use ssh and scp without a password by creating a public key.
How to encrypt and decrypt files using openssl, and much more.
Review of the top 100 network security tools (free or commercial), as voted on by 3,200 Nmap Security Scanner users
Antivirus Software - Eliminate Spyware, and Adware with NOD32 Antivirus from ESET.
WPA Supplicant for Linux, BSD, and Windows (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)