Over the past few months, I’ve been playing with a new static analysis tool from Mozilla called Dehydra. Dehydra is a GCC plugin that allows you to write JavaScript that can perform queries on the Abstract Syntax Tree (AST) that GCC generates from source files. This lets you write a script that can notify you [...]

Updates Below! I don’t know about the rest of you, but I have an entire room of my house which is simply a huge pile of electronics scrap. A hacked TiVo, some chipped Xboxes, an old VCR, a pile of PCI video cards, a full shoebox of 64MB Compact Flash cards… You get the idea. [...]

Update: MS fixed this issue in the IE8 6/9/09 security update.  Now IE8 behaves like Firefox (unclear on whether ‘X-Download-Options: noopen’ still exists at all). I have noticed a Cross-Site Scripting vulnerability in the way Internet Explorer handles the downloading and opening of HTML files when they are downloaded as an attachment, rather than opened [...]

There has always been something deeply unsettling to me about the ‘Forgot Password’ functionality on many web sites. The ‘Forgot Password’ page exists solely to help unauthenticated users bypass the usual means of authentication. For whatever reason, many developers overlook the importance of locking this down, even after the issue of too-easily-guessable questions in Yahoo’s [...]

There is a legend you may have heard of a lowly system administrator who notices a bunch of extra network traffic coming from one of his workstations.  It appears that every packet sent from the workstation is copied and forwarded to an IP address in a country with no extradition treaty.  The admin figures that [...]

Updates below! I’d like to share two things with all of you.  The first is a dark, personal secret.  The second is a toy I made. The secret is that for the past few months I have been harboring an unhealthy obsession with the Japanese television series ‘Ghost in the Shell: Standalone Complex.’ What I [...]