Handling input and output aren’t the only strategies available for preventing Cross-Site Scripting (XSS). Content Security Policy (CSP) is a new HTTP response header that, when correctly implemented, significantly reduces exposure to XSS attacks. This is what you can do to prepare for it.
Most of us saw the shutdown of Lavabit as yet another possibly overhyped government spying issue and didn’t really think too much of it. Much of the media coverage is already starting to die down, but there still is some question as to exactly what the government required of Levison that left him with only one option: shutting down the entire business he built from the ground up. I wondered if there were enough clues out there to get some more insight into this case. I was surprised by what I found.
Steve Thomas, aka Sc00bz, has brought up some very interesting issues about the LastPass password monitor that are causing some confusion, so I thought I’d give another perspective on the issue. Summary of Steve’s points: When you use the LastPass web site to log in to your account, your web browser will first send a hash with a single […]
I know, we have been told for years that the NSA has been spying on us. The revelations in recent months really aren’t that new. We always assumed there was that looming over us and many of us have even greeted various government agencies in our private chats and emails (i.e., “I want to blow […]