Security and the Net

News and opinions about security, the internet and more

Entries for June, 2009

Browser Security Lessons from the Chrome team

ACM Queue has just added a new paper by Charles Reis, Adam Barth and Carlos Pizano. It expands upon the information published earlier about the effectiveness of various browsers’ update mechanisms, adding information about the measures taken to keep users from visiting malicious websites and, more importantly, the ways in which they prevent the inevitable bugs […]

New guess about YouTube losses

New research by analyst firm RampRate suggests that a previous report by Credit Suisse that claimed YouTube was losing over a million dollars a day was based on wrong assumptions. The number RampRate arrives at is way lower; they estimate a loss of $174.2 million a year.

Belgian government releases source code for election software

The Belgian government has just released the source code for the software used in the 2008 elections to the public. The news was first reported by the Open Source Observatory & Repository Europe; the files are presented in two zipfiles that contain mostly C and C++ source code.

50 ways to inject your SQL

No, this is not a list of 50 ways to inject SQL; it’s a link to a “50 ways to leave your lover” parody. The singer won’t win any awards for this performance, but the lyrics are great!

Evade the regex, Rex
Encode it all in hex
Unbalance the quotes, Vinod
And change the query […]

Should Twitter manage their own hosting?

As several news articles made clear yesterday, Twitter depends on NTT for hosting its website. They have only been with NTT for about a year now; the move there was announced in February of last year. While the move was part of their efforts to make their service more reliable, yesterday’s maintenance issue shows that […]

Spammers are stupid

I just found the funniest comment I’ve ever seen in my moderation queue. It appears the spammer didn’t quite understand his automated comment-spam-posting software, so he posted his entire template instead: Hi Fellow Blogger, I’ve never posted before, {but|only} your article was so {good|genuine} I just had to {stop|come} in and say GREAT JOB ! […]

Comments (1)

Apple admits Mac OS users can get viruses

It’s taken them several years to finally get to this point, but Apple has acknowledged that Mac users are not immune from viruses. During WWDC, their Mac OS security page was updated with the following text:

Comments (1)

What if every major browser had the same bug?

Any security professional will tell you that diversity is a good thing; if you use enough different products, it is highly unlikely that all of them will have the same security issue. While this is mostly correct, Amit Klein at Trusteer just released a report (PDF) about a privacy issue that affects all major browsers […]

iPhone 3GS security improvements

One of the announcements Apple made during this week’s WWDC conference was that the iPhone 3GS will include an extra security feature aimed mostly at enterprise deployments: “encryption” that will enable a remote wipe feature. The only thing missing is details about what will be encrypted; this text is the only information I’ve managed to […]

Comments (5)

Is a physical server more secure than a virtualized one?

The answer to that question should be obvious, but it became a headline earlier today when word got out about a big hack affecting 100,000 sites. All data for these sites was removed when servers at were brought down by a zero-day exploit in LXLabs’ HyperVM software.
