At Social Tables, we have this Koa app that needs to read and set a session cookie. We don’t want to send that cookie over an unencrypted connection, though. We use koa-generic-session for session management. That library uses the cookies library under the hood, and luckily, there’s a simple configuration option to avoid sending cookies over an… Continue reading So You Want To Keep Your Cookies Secure
A Malicious Module on npm
The npm Meltdown Uncovers Serious Security Risks
Package install scripts vulnerability
Is Guy Fieri in Your Node.js Packages?
Controlling the Node.js security risk of npm dependencies
One easy way to inject malicious code in any Node.js application
Resetting NTFS file security and permissions in Windows. Life saver for someone (me) who still reluctantly maintains a Windows machine.
icacls * /T /Q /C /RESET
Brian Breslin, of Twitbin, left a comment saying that Twitbin fixed the security flaw I previously pointed out. Cooool! 😎
UPDATE: FIXED. See the comments below. A couple weeks ago, I installed Twitbin, a Firefox extension that loads Twitter in a sidebar. But, I just happened to be checking my browser cookies, and I noticed that my Twitter username and PASSWORD were stored in my browser cookies in plaintext! This is not even a session… Continue reading Twitbin Fails Basic Password Security
The WordPress crew have announced that the WordPress 2.1.1 download got cracked by an unnamed attacker who injected some code that would allow remote code execution. I’m glad I haven’t upgraded!
For XP Pro:
Go to Start/Administrative Tools/Local Security Policy/Security Settings/Local Policies/Security Options
Accounts: Limit local account use of blank passwords to console logon only.
This is enabled by default; disable it.

For XP Home: (Keith Miller)
Go to Start/Run/Regedit and navigate to this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value name: limitblankpassworduse, Type: REG_DWORD, Data: 0 (disabled) 1 (enabled)… Continue reading Scheduled Tasks – Running Tasks Without A Password