- Posts tagged Security
- Explore Security on posterous
Stop Telling Me How to Create My Password!!!
I am fed up to here with Web sites that presume the right to tell me -- sometimes with annoying precision, equally often with annoying vagueness -- what constitutes a "valid" password.
It's my information.
It's my account.
It's my freaking password.
"Must contain at least eight and no more than 16 characters and include at least one letter one number and one special symbol." Bullpuckey. Says who?
Sometimes the rules make it impossible for me to create a passsword I can remember. So what do I have to do? Write it down. How's THAT for secure, you lame-os?
If I want to be stupid enough to use 1234 as my password or my name or whatever else, what the heck business is that of yours?
Keep your grimy mitts off my passwords!
There. Now I feel better.
:-)
HTML5 Developers Need to Understand New Security Approaches
Steve Mansfield-Divine of the WebVivant blog has issued a warning to Web developers jumping on the HTML5 bandwagon to be cautious about properly implementing security in apps that use the emerging standard.
Focusing specifically on so-called "hybrid apps" -- loosely referring to apps that split UI and data across the browser and the cloud -- he points out that these "schizophrenic" apps (his term) pose new security concerns because they go beyond just a new set of tags. "The worry...is that developers will rush to exploit these great new features without fully understanding, let alone addressing, the security implications."
He cited a threat assessment report in which security software provider McAfee forecast potentially major disruptions in Web app security as HTML5 gains ground.
But, as Mansfield-Divine is quick to point out, the news isn't all bad. HTML5 implements some new security facilities that should make it harder for some kinds of site attacks -- notably, e.g., those using iFrames -- to exploit users and compromise their data.
