Web App Development - Systems Architecture - API Building - Security Audits

Posts Tagged ‘security’

IIA Web Development Working Group

Monday, January 26th, 2009

Today the Irish Internet Association announced the setting up of a new working group for web development. The main aim of the group is to educate decision makers on the web development process. This will cover areas such as server-side technologies, front-end technologies, development processes, best practices and standards in web, security and data protection.

Anyone who has ever worked with a client to build a web site or web application will know that there are areas where the client could benefit from having a better understanding of what is involved in the development process. Ultimately, when a client is better advised in these areas, they can make more informed decisions. This also can be beneficial to the development company or freelancer, as it can ensure better communication from the beginning of a project. (more…)

Twitter, user privacy, its implications

Wednesday, January 7th, 2009

Over the past number of days a few issues have arisen around Twitter’s security platform. Most of the security “problems” discovered were either minor or required a high level of social engineering. One thing that has been realized, and that is becoming common knowledge, is that once you are logged in to Twitter, as soon as you visit another web site, that other site can make an Ajax request and retrieve your user profile.

Personally, I believe that this will be one of the features of web3.0*: the ability to have a single login, not having to log in anywhere, and your profile will be recognized, etc. (OAuth, OpenID, etc.). We could almost call it browser-identifiable security, where one browser window (with as many tabs as you want) could be associated with a single account and all websites you visit would know about you and your information. The idea itself is very neat, but brings with it issues around user privacy.

(more…)

Skitch.com, security alert? Alert the team

Tuesday, December 9th, 2008

About two weeks ago I was uploading something to skitch.com and saw an inline button. So, being a security person myself, I decided to try some XSS on their fields. 1, 2, 3, 4 tries done, I was able to load some of my JavaScript from a remote host, and the nice thing is that this was a public URL. So for fun I sent the URL to a few friends. What that script was really doing was taking their cookies, writing them to a file on my server and sending them back to the main page of Skitch. So basically what people told me was that the link didn’t work and they were sent to the main page. In the meantime I was finishing my PoC by editing my cookie with their cookies. After about 10 minutes I had changed their first name and last name. (more…)

About this blog

We like to blog about things we're passionate about. We love PHP, MySQL, CouchDB, Linux, Apache - web development standards. We also like writing about building web apps and working with web technology.
You can email us on freedom@echolibre.com

Follow us on Twitter

Eamon Leonard - @EamonLeonard
David Coallier - @DavidCoallier
Helgi Þormar Þorbjörnsson - @h
J.D Fitz.Gerald - @jdfitzgerald
Noah Slater - @nslater
Court Ewing - @courtewing


echolibre limited is registered in Ireland, company number 451576. Directors: Eamon Leonard, J.D Fitz.Gerald. Registered Office: 64 Dame Street, Dublin 2, Ireland.