So You Want To Keep Your Cookies Secure

At Social Tables, we have this Koa app that needs to read and set a session cookie. We don’t want to send that cookie over an unencrypted connection, though. We use koa-generic-session for session management. That library uses the cookies library under-the-hood, and luckily, there’s a simple configuration option to avoid sending cookies over an…

Link Dump – Node.js Security

A Malicious Module on npm
The npm Meltdown Uncovers Serious Security Risks
Package install scripts vulnerability
Is Guy Fieri in Your Node.js Packages?
Controlling the Node.js security risk of npm dependencies
One easy way to inject malicious code in any Node.js application

WordPress and JavaScript Hijacking

I read this paper that Bruce Schneier linked to regarding JavaScript hijacking. Seems to me that WordPress plugin developers who piggyback on WordPress’s built-in security features shouldn’t have anything to worry about. Judging from what little buzz there was, I think that’s probably true, but I’m interested in others’ thoughts.

Yikes! WordPress Hacked!

The WordPress crew have announced that the WordPress 2.1.1 download got cracked by an unnamed attacker who injected some code that would allow remote code execution. I’m glad I haven’t upgraded!

Scheduled Tasks – Running Tasks Without A Password

For XP Pro: Go to Start/Administrative Tools/Local Security Policy/Security Settings/Local Policies/Security Options and find the policy "Accounts: Limit local account use of blank passwords to console logon only". This is enabled by default; disable it.

For XP Home: (Keith Miller) Go to Start/Run/Regedit and navigate to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value name: limitblankpassworduse, Type: REG_DWORD, Data: 0 (disabled) 1 (enabled)…