This site was archived on 24 April 2012. No new content can be posted. The mailing list remains online and the site will stay in this archived state for the foreseeable future. If you find any technical errors on the site, please contact Callum.



Tag Archive for 'security'

CouchSurfing password security vulnerability

Warning: If you get a username / password pop up on CouchSurfing.org, click cancel, do not enter your username and password except on the CouchSurfing login page.

As of right now, I’m seeing this CSS file included on all CouchSurfing.org pages. That file links to this image. That image returns a 401 authorisation denied error. That in turn causes the browser to request a username and password; the realm is given as “CS”. If a user enters their CouchSurfing username and password, that data will be submitted to functionalfreelance.com.

This is a serious security issue, as many users are likely to enter their passwords without realising what’s going on.

As far as I can tell from a scan of the WHOIS data and DNS records, there is no connection between couchsurfing.org and functionalfreelance.com. It seems likely to me that this is a hack of some sort, either deliberate or accidental. I hope accidental. Either way, this is a significant issue and needs immediate resolution by CS Inc. I have notified Casey Fenton, Jim Stone and Chris Burley directly of this issue.
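A site operator can check for the condition described in the post above by auditing stylesheets for third-party resources that answer with an authentication challenge. The following is an added example, not part of the original post: the hostnames, CSS and recorded responses are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample data; not the stylesheet or responses from the incident.
CSS_URL = "https://www.example.org/css/site.css"
SAMPLE_CSS = """
body   { background: url("/images/bg.png"); }
.logo  { background: url(https://static.example.org/logo.png); }
.badge { background: url('http://thirdparty.example.net/badge.gif'); }
@import url("//cdn.example.com/extra.css");
"""
# url -> (status, headers), as a crawler would have recorded them.
SAMPLE_RESPONSES = {
    "http://thirdparty.example.net/badge.gif": (401, {"WWW-Authenticate": 'Basic realm="CS"'}),
    "https://cdn.example.com/extra.css": (200, {"Content-Type": "text/css"}),
}
URL_RE = re.compile(r"""url\(\s*(['"]?)(.*?)\1\s*\)""", re.I)

def css_references(css, base_url):
    """Resolve every url(...) in the stylesheet against the stylesheet's own URL."""
    refs = (m.group(2) for m in URL_RE.finditer(css))
    return [urljoin(base_url, r) for r in refs if not r.startswith("data:")]

def is_third_party(url, first_party):
    """True unless the host is the first-party domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return not (host == first_party or host.endswith("." + first_party))

def triggers_auth_prompt(status, headers):
    """A 401 carrying a Basic or Digest challenge makes a browser ask for credentials."""
    challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate", "")
    return status == 401 and challenge.lower().startswith(("basic", "digest"))

def audit(css, base_url, first_party, responses):
    """Return (severity, url) for each third-party reference, worst case labelled."""
    findings = []
    for url in css_references(css, base_url):
        if not is_third_party(url, first_party):
            continue
        status, headers = responses.get(url, (None, {}))
        prompt = status is not None and triggers_auth_prompt(status, headers)
        findings.append(("credential-prompt" if prompt else "third-party", url))
    return findings

if __name__ == "__main__":
    for severity, url in audit(SAMPLE_CSS, CSS_URL, "example.org", SAMPLE_RESPONSES):
        print(f"{severity:18} {url}")
```

A Content-Security-Policy that restricts `img-src` and `style-src` to first-party hosts stops the browser from fetching such a resource in the first place.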

BlueHat – If Microsoft can change. Can …. ?

I was just reading about BlueHat and Snyder.

The Blue Hat program, which opened communications between Microsoft developers and outside security researchers. Previously, Microsoft was loath to share technical information with those outside of its Redmond, Wash., headquarters.

BlueHat is an internal Microsoft event, where Microsoft employees and executives learn from top security researchers from across the world, and use the knowledge they gain to improve the security of Microsoft products.

This reminded me of a lot of similarities between the two entities.

Both M$ and C$ are not open source

Both are paranoid about who reads their badly written code.

But… If M$ can make changes for the better, can … ?

And we are not just talking about code here. But everything about security, safety networks all over the world.

And to end with an off topic quote

“The strength of Mozilla is absolutely the community (of tens of thousands of volunteers). We have to make sure they know they’re being heard,” says Snyder,