Archives for the Month of April, 2007

Forgotten password

The easiest avenue into a site
I’ve been writing an email web application recently, and I have been thinking about making the forgotten password feature more secure, as it is often the easiest avenue for an attacker into your web site. The major issue with these features is information disclosure: for example, if […]
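The excerpt stops before its own example, so the following is an added illustration (example code, not from the original post or the application it describes) of the disclosure point: a "forgotten password" request whose reply confirms which addresses are registered, beside a version that answers identically whether or not the account exists and issues a single-use, expiring reset token. The user table, `send_mail` callback, time-to-live and the in-memory token store are all assumed stand-ins for the real application's database, mailer and session storage.

```python
import hashlib
import secrets
import time

# Constructed user table (email -> user id); stand-in for the application's database.
USERS = {"alice@example.com": 1, "bob@example.com": 2}

# Outstanding reset tokens keyed by SHA-256 of the token, so a leaked table cannot
# be turned into working reset links.  Value is (user id, expiry).  Assumed store.
_RESETS = {}

RESET_TTL = 15 * 60  # seconds a reset link stays valid; assumed value


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def leaky_request_reset(email):
    """The disclosing version: the reply itself tells the caller whether the
    address is registered, so an attacker can enumerate accounts before doing
    anything else."""
    if email not in USERS:
        return "No account exists for that e-mail address."
    return "A reset link has been sent to that address."


def request_reset(email, send_mail, now=None):
    """Uniform version: the same reply either way, and a token is generated
    either way, so neither the text nor the amount of work done reveals
    whether the address exists.  Mail is only sent to registered addresses."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    user_id = USERS.get(email)
    if user_id is not None:
        _RESETS[_digest(token)] = (user_id, now + RESET_TTL)
        send_mail(email, token)
    return "If that address is registered, a reset link has been sent to it."


def redeem_reset(token, now=None):
    """Return the user id for a valid, unexpired token and consume it; else None.
    The entry is removed whatever the outcome, so a link can only be used once."""
    now = time.time() if now is None else now
    entry = _RESETS.pop(_digest(token), None)
    if entry is None:
        return None
    user_id, expires = entry
    return user_id if now <= expires else None


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the mailer
    print(leaky_request_reset("alice@example.com"))
    print(leaky_request_reset("nobody@example.com"))  # differs: account enumeration
    print(request_reset("alice@example.com", lambda e, t: outbox.append((e, t))))
    print(request_reset("nobody@example.com", lambda e, t: outbox.append((e, t))))  # identical
    email, token = outbox[0]
    print(redeem_reset(token), redeem_reset(token))  # first use works, replay does not
```

The reply text is only half of it: the hardened handler also generates the token before checking whether the user exists, so a registered and an unregistered address cost roughly the same time to process, and the reset store holds only a hash of the token, so whoever reads the store still cannot forge a link.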

The mindset of a hacker

Swordfish, yeah right!
The glorified media definition of a hacker is wrong; a hacker isn’t Swordfish [1]. A hacker enjoys what he/she does and is motivated by the willingness to learn, not by profit. It is important to identify whether you have a hacker in your business, because you need to approach them in a […]

Coda

Coda has been released recently; it is a complete web development tool from Panic (who make Transmit). It looks quite good: thumbnails for each site, local/remote editing, an editor and even a terminal! Have a look here: http://www.panic.com/coda/ I asked them a couple of questions and they got back to me very quickly; see below for their […]

Accessible captchas

Creating an accessible captcha is not an easy task, because the very nature of the test creates accessibility problems: it is difficult to tell machines and humans apart. I like difficult problems that people have a hard time figuring out the right solution to 🙂 Usually what I tend to do when coding for […]

One-time Form tokens

What is a form token?
A form token provides protection against a class of attacks on your site (e.g. CSRF *) in which an attacker uses your form in a way it wasn’t intended. The idea is that the form token appears as a hidden field and can only be used once.
How do you create […]
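The excerpt is cut off before the "how", so here is an added example (not code from the original post or from SpamBam) of the mechanism as described: a random token is minted server-side, bound to the visitor's session and to one specific form, emitted as a hidden field, and accepted exactly once. The in-memory session store, the 600-second lifetime and the `handle_post` wrapper are assumptions standing in for whatever session handling and form dispatch the real application has.

```python
import hmac
import secrets
import time

# Hypothetical server-side session store: session id -> {token: (form name, expiry)}.
# Assumed stand-in for the application's own session mechanism.
_SESSIONS = {}

TOKEN_TTL = 600  # seconds a token stays valid; assumed value


def issue_token(session_id, form_name, now=None):
    """Mint a fresh token bound to one session and one form, and remember it."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, unguessable
    _SESSIONS.setdefault(session_id, {})[token] = (form_name, now + TOKEN_TTL)
    return token


def hidden_field(token):
    """Markup to embed in the form; the value is opaque to the browser."""
    return '<input type="hidden" name="form_token" value="%s">' % token


def consume_token(session_id, form_name, submitted, now=None):
    """Accept a token exactly once.

    True only if the submitted value is an outstanding token for this session,
    was issued for this form, and has not expired.  A matched token is removed
    whatever the outcome, so a replayed submission fails.
    """
    now = time.time() if now is None else now
    outstanding = _SESSIONS.get(session_id, {})
    matched = None
    for candidate in outstanding:
        # Constant-time comparison: no timing side channel on partial matches.
        if hmac.compare_digest(candidate.encode(), submitted.encode()):
            matched = candidate
    if matched is None:
        return False
    bound_form, expires = outstanding.pop(matched)  # single use
    return bound_form == form_name and now <= expires


def handle_post(session_id, form_name, form_data, process, now=None):
    """Gate a form handler on the token: reject before acting on the request."""
    submitted = form_data.get("form_token", "")
    if not consume_token(session_id, form_name, submitted, now=now):
        return "rejected: missing, reused, expired or mismatched form token"
    return process(form_data)


if __name__ == "__main__":
    sid = "session-9f2a"  # constructed session id
    tok = issue_token(sid, "change_email")
    print(hidden_field(tok))
    post = {"form_token": tok, "email": "me@example.com"}
    update = lambda d: "updated " + d["email"]
    print(handle_post(sid, "change_email", post, update))  # accepted
    print(handle_post(sid, "change_email", post, update))  # replay: rejected
```

Binding the token to the session is what defeats CSRF: an attacker's page can make the victim's browser submit your form, but cannot read a token that was issued inside the victim's session, so the forged request arrives with no valid token. Binding it to the form name as well stops a token harvested from a harmless form being spent on a sensitive one.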

How to prevent phishing

Phishing is not a security problem; it is user education that is the issue. Why do the majority of phishing attacks fail? Simple: because users are clever enough to realise that it is not the site that is sending the email. So if the majority of phishing attacks fail, why do some users fall for the […]

Protecting against form Spam

Because of my success with WordPress comment spam protection, I have decided to release another free version of SpamBam that will also protect any PHP form on any web site from spammers! The code is again released under the GPL, so anyone can use it for free or modify it.
Instructions
1. Download and unzip the […]