Marcin decided to take the day off with pay and allow me to share with you a guest blog post. Thanks, Marcin!
Hello, my name is Andre and I’m a blogoholic. On with the post!
With the popularity of MySpace also came the desire to track others who look at one’s profile. MySpace trackers came […]

Web 2.0 has (re)introduced a wide variety of attack vectors that can be used against Internet users to steal sensitive information, control the web browser, and more. The security industry has seen a shift from concentrating on the servers that house data to protecting the data itself. Many web applications and social-networking sites today exhibit flaws that expose them to all sorts of attacks, with much focus on XSS, CSRF, exploiting the same-origin policy and malicious code execution.

Ryan Naraine of ZDNet points out a Greasemonkey script that blocks Gmail cookie-theft attacks. The script can be downloaded here, and it redirects Gmail to use a “secure” HTTPS connection. You can modify the script to @include redirect any site that has HTTP or HTTPS to use HTTPS by default.
The meat of the script is […]

kuza55 noted this morning that Firefox 2.0.0.5 has implemented support for httpOnly cookies. It’s not perfect, as ma1 pointed out in the comments, but it’s better than nothing.
The Firefox browser could be made even more secure by building NoScript, LocalRodeo, CookieSafe, SafeHistory, and SafeCache into the Firefox codebase. In addition an option to run only […]

I’ve been real busy lately, but I came across several blogs and articles this week that I’d like to share, Andrew Hay style. =)
CEO Crime & Punishment — Ben Horowitz, CEO of Opsware Inc., shares his thoughts on what entices executives to commit white collar crime. Is it for money? Or is there some other […]