So You Want To Keep Your Cookies Secure
At Social Tables, we have this Koa app that needs to read and set a session cookie. We don’t want to send that cookie over an unencrypted connection, though. We use koa-generic-session for session management. That library uses the cookies library under the hood, and luckily, there’s a simple configuration option to avoid sending cookies over an…
Tag: security
Link Dump – Node.js Security
A Malicious Module on npm
The npm Meltdown Uncovers Serious Security Risks
Package install scripts vulnerability
Is Guy Fieri in Your Node.js Packages?
Controlling the Node.js security risk of npm dependencies
One easy way to inject malicious code in any Node.js application
Resetting NTFS files security and permission in Windows
Resetting NTFS files security and permission in Windows. Life saver for someone (me) who still reluctantly maintains a Windows machine.
icacls * /T /Q /C /RESET
Twitbin Fixes Security Flaw
Brian Breslin, of Twitbin, left a comment saying that Twitbin fixed the security flaw I previously pointed out. Cooool! 😎
Twitbin Fails Basic Password Security
UPDATE: FIXED. See the comments below. A couple weeks ago, I installed Twitbin, a Firefox extension that loads Twitter in a sidebar. But, I just happened to be checking my browser cookies, and I noticed that my Twitter username and PASSWORD were stored in my browser cookies in plaintext! This is not even a session…
WordPress and JavaScript Hijacking
I read this paper that Bruce Schneier linked to regarding JavaScript hijacking. Seems to me that WordPress plugin developers who piggyback on WordPress’s built-in security features shouldn’t have anything to worry about. Judging from what little buzz there was, I think that’s probably true, but I’m interested in others’ thoughts.
Yikes! WordPress Hacked!
The WordPress crew have announced that the WordPress 2.1.1 download got cracked by an unnamed attacker who injected some code that would allow remote code execution. I’m glad I haven’t upgraded!
Scheduled Tasks – Running Tasks Without A Password
For XP Pro: Go to Start/Administrative Tools/Local Security Policy/Security Settings/Local Policies/Security Options
Accounts: Limit local account use of blank passwords to console logon only. This is enabled by default, disable it.
For XP Home: (Keith Miller) Go to Start/Run/Regedit and navigate to this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value name: limitblankpassworduse, Type: REG_DWORD, Data: 0 (disabled) 1 (enabled)…