AJAX and CSRF
When working on some new AJAX features for bbPress and WordPress we’ve noticed that AJAX requests don’t seem to send HTTP_REFERER values. We check referrers as one level of protection against...
Spammers Hack Blogs
Blog spammers have sunk to new lows. Nivi, a blog I’m subscribed to, was showing dozens and dozens of entries being updated even though there was no discernible difference. However as I started looking...
Airport Security Follies
The Airport Security Follies. “And rather than rethink our policies, the best we’ve come up with is a way to skirt them – for a fee, naturally – via schemes like Registered Traveler.”
SecurityFocus SQL Injection Bogus
Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely...