
 SERVER SECURITY


  Mozilla releases a web identity system : Persona

Almost every website now requires users to register. Registration has many benefits for a website, such as retaining users, supporting discussions and providing customized content. But it is too much trouble if every site requires its own registration, right? Users have their own workarounds: for less important sites, for example, they reuse one user name, password and email address so that only one account needs to be remembered. More advanced methods have also emerged, such as Facebook Connect, Twitter login and Google OAuth. These do eliminate some tro...

4,892 0       SECURITY MOZILLA PERSONA ID


  Some hidden XSS injection vulnerabilities

XSS injection refers to a web page generating unexpected executable JavaScript based on user input, which the browser then executes; i.e., the source code the server sends to the browser contains illegal JavaScript, and that JavaScript is derived from the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters), strip_tags() or similar, but there are some hidden XSS injection vulnerabilities that cannot be fixed by these two functions, and sometimes we are not allowed to r...

7,698 0       PHP SECURITY XSS JAVASCRIPT CODE


  8 very useful and free web security testing tools

As web applications become more pervasive, web security threats are becoming increasingly prominent. Attackers gain control of web servers by exploiting web server vulnerabilities and SQL injection vulnerabilities; they may then tamper with web content or steal important internal data, and in more serious cases inject malicious code into web pages to affect visitors of the site. Attention to web application security is gradually warming up. Here we recommend eight very useful and free web security testing tools.
N-Stalker Free Version
N-Stalker Web Application Security Scanner 2012 Free Edition provides a...

18,136 0       WEBSITE ATTACK SECURITY WEB SECURITY


  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it. When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possible, how OAuth works.
The Actors
There are 3 main players in an OAuth transaction: the user, the consumer, and...

3,583 0       SECURITY OAUTH PERMISSION PARTIAL ACCESS


  The Greatest Hacks of All Time

Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com. In 1972, John T. Draper discovered he could make free long-distance phone calls using a whistle from a Cap'n Crunch cereal box. The whistle emitted a 2,600-hertz tone that got him into the internal authorization system at the phone company. With another noisy device known as a blue box, Draper -- soon to be known as "Cap'n Crunch" -- made it possible for many to...

2,377 0       HACK GREATEST ALL TIME


  Is 99.8% Secure Secure?

A group of researchers (Arjen Lenstra and collaborators from EPFL Lausanne and James Hughes from Palo Alto) published a study, "Ron was wrong, Whit is right", on new vulnerabilities in cryptosystems. The New York Times picked up the story. Although Lenstra et al. discuss several cryptosystems, their results are particularly relevant to those based on RSA. The title mirrors their conviction that cryptosystems based on a single random element have fewer key generation problems than RSA, which uses two random primes. The technical problem they identify...

2,610 0       SECURITY PERCENTAGE SECURITY INDEX


  How key-based cache expiration works

"There are only two hard things in Computer Science: cache invalidation and naming things" — Phil Karlton
Doing cache invalidation by hand is an incredibly frustrating and error-prone process. You’re very likely to forget a spot and let stale data get served. That’s enough to turn most people off russian-doll caching structures, like the one we’re using for Basecamp Next. Thankfully there’s a better way. A much better way. It’s called key-based cache expiration and it works like this: The cache key is the fluid part and the cache content is the fixed ...

4,901 0       CACHE EXPIRATION KEY-BASE CACHE WORK


  Is Shared Hosting Secure?

Shared hosting is incredibly popular with users who are looking for the cheapest hosting available. The problem is that along with the low price you get poor performance and, even more concerning, questionable security. On a shared host, dozens if not hundreds of other sites run on the same servers, which means a single security flaw in any one of those applications can compromise the entire server. This dramatically increases the odds of your site being compromised. Because shared hosting is inherently insecure, Microsoft has built in fe...

3,049 0       SECURITY SHARED HOSTING VIRTUAL HOST DATA SECURITY