February 2010 Blog Posts
And the recording, with interruptions, is here: Barry Dorrans’ hijacked encryption session at DDD8 on Vimeo. I’ve also seen some of the feedback. Some selected highlights include Barry was more funny than usually! I don't think I laughed so much as when the videos began in this session. Barry will be sorely missed yet he still managed to complete his session and coped well with the barrage of mickey-takes and corrective outbursts from Jon Skeet. Peerless Barry Dorrans, but why were those guys wearing Stephen Hawking T-shirts...
So by now we should all know that using user input in a web page and spitting it back out again without encoding it is a bad idea and leads to cross-site scripting. Of course some web sites don’t bother, which leads to hilarity such as the Toyota Ireland recall page, as demonstrated here. All the HTML encoding in the world won’t save you if you’re not constraining and validating your input … (although Toyota aren’t even bothering with encoding – you can embed script in the r parameter for that page).
A tight little bunch of nits … tightly nit bunch. I’d suggest if you’re waiting for the video of my DDD8 session you forget it. The good bits – the interruptions – are below … Plip's Book Advert. Liam's Eulogy. Colin Mackay's new source of presentations. Craig Murphy insulting not one but two ex-UK community folks. It is with a heavy heart, for various reasons, that I’m boarding the Microsoft big white taxi from Heathrow this afternoon. Obviously I’m going to miss family, but the UK .NET community has been part of...
A poor Adobe employee is throwing its toys out of the iPram right now over the lack of Flash support on the iPad. However that little plug brick has one major advantage … for a change, on the iPhone Apple appear to have done a reasonable job on security (although with their tight-lipped approach to discussing security it’s hard to tell). Adobe on the other hand, well … Acrobat is the major vector for drive-by malware right now, Flash has its own problems and the Shockwave security update last month had users uninstalling old versions and then installing...