Tuesday, September 20, 2011

Hackers break SSL encryption used by millions of sites

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

At the Ekoparty security conference in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security, which prevents certain pages from loading unless they're protected by SSL.

The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.




via



Follow me on Twitter @rajneeshgarg!

Friday, September 16, 2011

Highly Useful HTML5 Reference

Highly useful HTML5 Reference


[Click to see the original] 

Follow me on Twitter @rajneeshgarg!

Thursday, September 15, 2011

Microsoft download from The Garage: Mouse without Borders - Next at Microsoft - Site Home - TechNet Blogs

Microsoft download from The Garage: Mouse without Borders - Next at Microsoft - Site Home - TechNet Blogs: Mouse Without Borders is a project I’ve been familiar with for the last 6 months or so and it’s a wonderfully useful tool. In a nutshell, it allows you to reach across your PC's as if they were part of one single desktop. I have two PCs on my desk at work connected to 3 LCD screens and using Mouse Without Borders I can move my mouse between the 3 screens, even though one of them is attached to a different PC from the other two. What’s more, I can move files between the 2 computers simply by dragging them from one desktop to another. In fact you can control up to four computers from a single mouse and keyboard with no extra hardware needed – it’s all software magic, developed by Truong Do who by day is a developed for Microsoft Dynamics. The software is easy to setup and in addition to enabling drag and drop of files, you can lock or log in to all PCs from one PC, and as a whimsical bonus is it allows you to customize your Windows logo screen with the daily image from Bing or a local collection of pictures :) I regularly use it to have one PC dedicated to social media streams while I work away on my other PC connected to two screens.

The video above both explains and shows Mouse Without Borders far better than I can using words. The project is testament to the power of The Garage which helped Truong develop the user interface and setup the usability tests that have helped the tool become very accessible and easy to use. As well as that, The Garage and its regular Science Fairs inside Microsoft helped expose the project to 9,000 people before it was ready for external release. Now that day has arrived and I’m delighted to announce here on Next at Microsoft that Mouse Without Borders is ready for download.

Follow me on Twitter @rajneeshgarg!

InfoQ: Limiting Work in Progress and Scrum

InfoQ: Limiting Work in Progress and Scrum: Limiting Work In Progress works in the same way that Scrum does. You see Scrum doesn't really solve any problems for you and neither does limiting Work In Progress, it just exposes the problem for what it really is which makes it easier to solve. If it's a business area problem, then it's easy to show and prove to the business making the solution easier. If it's a tendency of the team to juggle the entire sprint backlog, then bring in a WIP limit and measuring over a couple sprints might be enough to prove to them the virtues of this new idea.
If your Scrum team can't solve a problem on it's own, then they come to you (the Scrum Master). It's your job to hunt down whoever can unblock the team as quickly as possible and solve that problem. What will your developers do while you're on your manhunt? Partnering up on a single programming task would work great, maybe having a WIP limit of 8 for a team of 7 or a WIP limit of two for each single developer. Use your sprints to experiment here if it seems like something you want to implement.
Just remember to wear comfortable shoes since you'll be walking a bit more than normal for at least a little while.

Follow me on Twitter @rajneeshgarg!

A

Popular Posts (Last 30 days)

This is a personal blog and I do not speak for my employer.