05 Apr 2014

Check User-Submitted URLs for Malware and Phishing in Your Application

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links.

26 Oct 2013

Buffer Compromised – Here’s What You Need to Do

Popular social media management system Buffer has confirmed that they’ve been compromised, with weight-loss SPAM being sent from customer Twitter and Facebook accounts. Here’s what you need to do to keep your accounts (and potentially your customer accounts) safe.

01 Aug 2013

Failing Well: Managing Risk in Web Applications

When I talk about risk as it relates to web applications, people usually assume I’m talking about hardening applications from hackers, spammers and other ne’er-do-wells. While malicious attacks are absolutely a non-trivial part of risk management, there’s a lot more to it that’s just as important.

26 Feb 2013

Asian Spammers Ate My Bandwidth

Because I’m a giant loser who thinks that analyzing apache logs is an awesome way to spend a Friday night, I’ve noticed a huge upswing in the amount of traffic coming from IP addresses in China – to the degree that it’s actually eating up huge amounts of bandwidth.

16 Jul 2012

Better Passwords with 1Password

There’s no excuse for crappy passwords anymore, thanks to apps like 1Password. Creating good, hard-to-crack passwords is clumsy and the harder a password is to crack, the harder it is to remember. So what if you didn’t have to remember them?

23 Jan 2012

Detecting Fraud in Facebook Contests

Whatever your feelings on Facebook, it’s pretty clear that it’s here to stay. If your company or organization has considered running a promotional Facebook contest, this is crash course in detecting fraud because if your prize is worth anything to anyone, you will encounter fraud, without exception.