MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Sign in
|
Help
Home
Blogs
Media
Groups
Xato
»
All Tags
»
Application Security
(
RSS
)
Browse by Tags
Xato
Home
Syndication
RSS for Posts
Atom
RSS for Comments
Email Notifications
Go
Recent Posts
Lesson two on what not to do with a CAPTCHA
These CAPTCHAs are just not working out
The Program.exe Problem
Be Smarter with Account Names
Patterns & Practices Security Wiki
Tags
Application Security
CAPTCHA
computer+security
Cryptography
exploits
General
hackers
Hacking
Hardening
kevin+mitnick
Malware
NTFS
Passwords
Patch Management
Privacy
security
Security Policy
surveillance
Tools
uac
Uncategorized
Virtual Machines
Vista
Windows File Protection
Windows Security
View more
Archives
May 2008 (1)
April 2008 (1)
February 2008 (6)
January 2008 (4)
December 2007 (4)
November 2007 (1)
September 2007 (1)
August 2007 (4)
May 2007 (8)
April 2007 (2)
March 2007 (8)
February 2007 (17)
January 2007 (9)
December 2006 (5)
October 2006 (3)
September 2006 (3)
March 2006 (1)
CAPTCHA
Cryptography
exploits
Hardening
Malware
Passwords
Privacy
Tools
Windows Security
Lesson two on what not to do with a CAPTCHA
In my previous post on CAPTCHAs I mentioned that “…you need to make sure the end user can’t do anything to influence what code you pick.” For this example, I will pick on captchas.net, which provides a free CAPTCHA service for anyone...
Published
Wed, Aug 08 2007 1:02 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Application Security
,
CAPTCHA
These CAPTCHAs are just not working out
Filling out a web form without also having to pass a CAPTCHA test nowadays is pretty rare. CAPTCHAs weren’t really that annoying to me when they were more of a rare occurrence but I have been finding myself more and more bothered with them lately...
Published
Tue, Aug 08 2007 8:47 PM
by
MB's Windows Security
Filed under:
Windows Security
,
Cryptography
,
exploits
,
Application Security
,
CAPTCHA
The Program.exe Problem
A couple years ago I mentioned in a SecurityFocus column that Windows has a problem when you put a file named “program.exe” in the system root directory. The problem is basically in how it deals with spaces in paths that don’t have quotes...
Published
Sat, Feb 02 2007 1:30 PM
by
MBs Windows Security
Filed under:
Hardening
,
Malware
,
Application Security
,
Tools
Be Smarter with Account Names
One thing that bothers me about many web sites out there is how I get to (or don’t get to) choose my account name. Sure, many web sites let you have any account name you want, but some web sites just want to use your e-mail address. While this is...
Published
Thu, Feb 02 2007 7:28 PM
by
MBs Windows Security
Filed under:
Application Security
Patterns & Practices Security Wiki
If you do any kind of .NET web development, it would be well worth your time to dig through Microsoft’s Patterns & Practices Security Wiki The Wiki is a good index of old articles and a launching point for new articles on secure web development...
Published
Thu, Feb 02 2007 5:36 PM
by
MBs Windows Security
Filed under:
Application Security
My SSN is showing?
I got an e-mail earlier this week from a financial web site. The e-mail displayed the last 4 digits of my U.S. social security number. Presumably, they didn’t show the entire number for security reasons, but I wondered how secure that really is...
Published
Tue, Feb 02 2007 6:34 PM
by
MBs Windows Security
Filed under:
Privacy
,
Application Security
Yet another failed CAPTCHA?
Today I ran across a Firefox add-on that automatically fills out the CAPTCHA form when you log in: https://addons.mozilla.org/firefox/4381/ Although some might think this is convenient, it obviously shows that eBay’s CAPTCHA, like so many others...
Published
Fri, Feb 02 2007 6:02 PM
by
MBs Windows Security
Filed under:
Application Security
Pafwert: Smarter Passwords
Pafwert is an unique free tool to help you to select strong passwords that are easy to remember. Read More...
Published
Tue, Jan 01 2007 10:30 PM
by
MBs Windows Security
Filed under:
Windows Security
,
Passwords
,
Privacy
,
Application Security
,
Tools
Anti-phishing system can make phishing worse
I am constantly frustrated with poor security implementations I see all around the web. Often, these mistakes could be avoided by never breaking the simple security rules. One of these rules wrote about in my book Hacking the Code is that you should always...
Published
Sun, Dec 12 2006 10:28 PM
by
MBs Windows Security
Filed under:
Application Security
Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.