Archive for March, 2009
Security issues with Google Docs
Posted in security, Uncategorized, tagged google, Google Docs, privacy on March 26, 2009 | 25 Comments »
[Update 11/13: Please see my follow-up to these issues.] [Update 3/26: I'm now in contact with Google Security.] [Update 3/28: I'm aware of Google's official response to the issues raised in this blog. I am continuing to share my findings with Google Security and appreciate the excellent feedback they are providing me. It would be [...]
Chinks in the Armor
Posted in security, Uncategorized, tagged defense in depth, xss on March 23, 2009 | Leave a Comment »
Defense-in-depth is a cornerstone of any information security strategy. Corporate networks are routinely segmented into various zones such as “public”, “DMZ”, “extranet” and “intranet” to contain sensitive information deep within several protection domains. Failure of one control should not compromise the entire system. Defense-in-depth is everywhere. Border routers filter spoofing attacks. The firewalls behind them [...]
Security Compliance
Posted in security, Uncategorized, tagged audit, compliance on March 22, 2009 | Leave a Comment »
Having served on a national information security standards working group, I’m keenly aware that compliance is a major driver — if not the primary driver — for security initiatives today. Compliance rules work best when the threat for inaction is tangible and immediate. Usually, the threat is “we will fail external audit unless we comply [...]
iPhone SDK Regular Expressions
Posted in iPhone, tagged iPhone, regex on March 18, 2009 | Leave a Comment »
If you’re programming the iPhone, sooner or later you’ll need regular expressions (regex). By default OS X includes the ICU, an open source Unicode library which has extensive regex capabilities. The ICU APIs are in C/C++ however, not Objective-C. Fear not, RegexKitLite to the rescue. This small library has done all the hard work [...]