
Technical Blog

This blog will contain content related to Java, Seam, Security, my sites and projects, as well as other technical subjects I am interested in.

Comments and questions are welcome!

Archive for the ‘Security’ Category

Lions and Tigers and Third-Party Javascript

Wednesday, December 27th, 2006

There are many reasons that you may wish to put a third-party JavaScript reference on your website: serving ads, making use of tracking and analytics tools such as Google Analytics, and many other features may rely on a remotely referenced third-party script. The big issue here is trust. By putting a remotely referenced script on your pages you are essentially handing some control of your visitors’ browsers over to this third party. Maliciously crafted JavaScript can be used to install software, steal form submission data, rewrite elements of pages, send users to fake phishing sites instead of the real site, crash browsers, pop up ads or inappropriate content, and much more. The range of possible attacks using JavaScript is a long discussion in and of itself, and I won’t go into it here. (Google around or ask me if you want more information on this area of things.)

Read about it after the fold....

(more...)

What’s up with SMTPS?

Monday, November 13th, 2006

Let's start with SMTP, the Simple Mail Transfer Protocol. This is how e-mail gets sent: how it makes it from you to your recipient. When you check your e-mail, you use POP or IMAP to get the e-mail from the server. But when you're sending e-mail, you use SMTP. SMTP is how your mail client communicates with your mail server, and then how your mail server communicates with other mail servers to deliver your precious e-mail to its destination.

SMTP has been around since 1982 and is used everywhere. It works, but it's lacking in many ways, most of which are out of scope for this posting.

Basically the way it works is:

(more...)

PGP E-mail Encryption conceptual issue

Monday, November 6th, 2006

I have a number of thoughts in mind, which will likely turn into posts, and they are all leading up to a bigger unified thought. This is one of them.

PGP / GPG email encryption is a good thing. It's a pretty secure system, and the public registries of public keys make it easy to communicate securely with someone new, with a reasonable amount of trust. One major issue, which I think most people identify as the biggest issue with PGP, is that the popular mail programs don't support it out of the box, or don't support it well.

(more...)