Security – Musing Mortoray

Keeping tabs on shady internet authorities — What is Certificate Transparency?

By mortoray on 2018-06-04 • ( Leave a comment )

Did you know somebody else could steal your domain name? Even if you’ve properly secured your site and gotten the right security certificates, it’s still possible some people get to the wrong […]

Writing software for a malicious world

By mortoray on 2017-05-30 • ( 1 Comment )

How do we write software that survives in a world of malware? Is it just a matter of writing safer code or do some of our core assumptions need to be modified? […]

Microsoft is absolutely at fault for WannaCry

By mortoray on 2017-05-17 • ( 8 Comments )

Microsoft has played a significant role in the damage of the WannaCry ransomware. Certainly the proximate cause lies with the malware’s authors, and they should be held accountable. The complacent NSA is […]

Fix your crappy ads and I’ll stop blocking them

By mortoray on 2017-05-02 • ( 8 Comments )

Ad-block users are finding an increasing number of sites blocking access. I wonder if any of them asked themselves why we block ads? Do they suppose we’re anti-capitalist scum fundamentally opposed to […]

You can’t trade privacy for security

By mortoray on 2015-07-15 • ( 1 Comment )

The idea that one can give up privacy in exchange for security is misguided and dangerous. It’s a cliché peddled by politicians who either just don’t understand or are intentionally misleading the […]

How HTTP cache headers betray your privacy

By mortoray on 2015-05-11 • ( 6 Comments )

I recently implemented Etag caching support only to learn its a privacy breach. Internet scum have coopted yet another technology to track us as we browse. In this article I’ll look briefly […]

A secure and private browser sandbox

By mortoray on 2014-09-30 • ( 6 Comments )

A patchwork set of standards and rules is creating an unsafe web. Cross-site attacks are too common and privacy leaks have become the norm. There’s no reason it has to be like […]

Blocking JavaScript seems like a good idea

By mortoray on 2014-09-15 • ( 13 Comments )

My fancy new website is broken due to a script blocking extension. I found this out when I showed a friend the Radial Blitz website. He complained that something was lacking. He […]

Allowing unlimited access with CORS

By mortoray on 2014-04-09 • ( 4 Comments )

Opening a REST service for browser use requires CORS. Browsers have a very strict cross-domain policy that will either block the request, or just block access to the returned content. If you […]

The dangers of OAuth/Social Login

By mortoray on 2014-02-21 • ( 12 Comments )

OAuth authentication is not safe. This is the baseline from which all applications should be working. There is a place for social login, but it should be a very restricted domain. It […]

Sessionless Authentication with Encrypted Tokens

By mortoray on 2010-02-11 • ( 2 Comments )

Storing user credentials is one of the key roadblocks in creating a sessionless web application. Somehow you need to safely identify the user without storing data on the server nor allowing tampering […]

Musing Mortoray

Programming and Life

Tag: Security