The Register exposed this! Cross-site Scripting (XSS) vulnerabilities allow attackers to steal user authentication cookies from AmericanExpress.com – According to an independent vulnerability assessment firm… the XSS bug still remains unfixed!! To read more…follow this link:
Another winter storm hit us yesterday… this time we had up to 12″ of snow – My back hurts after blowing and shoveling my huge driveway. This week is supposed to have the busiest Christmas shopping day, but this storm may put another dent in already sagging retail sales!
A few weeks ago, I picked up this document from one of my crazy mailing list subscriptions – Surprising to note an email that featured an NSA UNCLASSIFIED document that digs deep into the security features of Microsoft .NET Framework (versions 1.0, 1.1 and 2.0). The document is a bit dated and it didn't highlight the latest security features of .NET version…
A picture is worth a thousand words. This picture is intended for a friend of mine (a doubting Thomas), who didn't believe my latest work on enabling a multi-factor authentication based “Web SSO” that uses on-card credentials (PIN + PKI + Biometrics) using a PIV card. This solution is currently tested to run Sun OpenSSO Enterprise 8 (running on Glassfish v2),…
Biometric smartcards are made compulsory from January 1, 2009, for sea-going fishermen who reside on the Mangalore coast of Karnataka (India). It is very surprising to note this initiative, in which a local government organization steps up to enhance security and enforce stronger access control – a very pro-active move! Here is the Story – Biometric attendance system at New Mangalore…
Today is Thanksgiving Day here in the USA – I am deeply and sorrowfully affected by the time of crisis in my Indian motherland – due to the menace of terrorism and cowardly acts practiced in the name of religion. Last night, heavily armed gunmen stormed into hotels, tourist attractions and train stations and carried out attacks on innocent civilians killing…
Finally, I had some time to play with WordPress 2.6.5… and did have success with importing that old stuff to a new Sun MySQL database along with the themes/customizations (the PHP scripts were too old, so I ended up doing a wild guess, then a hack)… to make it run on WordPress 2.6.5 – it works! Editing those messed up PHPs was an interesting experience…
Yes, the demand for rich clients and rich-client-like Web applications is definitely overwhelming for their look and feel performance. When we think of rich clients over the Web, we often think of applets as a solution in the first place and we forget to consider other promising options like Java Web Start (JWS) and other Web 2.0 interfaces via Ajax and…
Last week, I was test driving a PIV Smartcard based PKI as a keystore (via Java PKCS#11) to support using the PKI/certificate credentials for performing encryption/decryption and digital signature operations (PKI based logins to Web applications, encryption/decryption of documents, digitally signing email). There is no secret recipe but some of you may find it a bit difficult – if you…