Last week I went on a quest to find a simple, lightweight and portable e-mail client to put on a USB drive. Additional requirements for the client were to be free and to support encodings. Surprisingly, it was a tough quest. After browsing through potential candidates (most of them were just ugly and clumsy, honestly), three runners-up were selected: Sylpheed, Scribe and Ultrafunk Popcorn. All of them had their own pros and cons, but failed altogether when it came to security. The way these clients protect user account credentials is a disaster. Account passwords can be collected and cracked instantly by malware.
It is a general misconception that NSA involvement made Windows Vista more secure. The NSA may certainly know stuff about cryptography, but they are only human. Thus, when it comes to security, they suck like everybody else. Here is a cross-site scripting (XSS) vulnerability on the NSA web site as an example:
http://www.nsa.gov/notices/notic00004.cfm?Address="%20onmouseover="alert('boo')
(go to the ACCEPT link at the bottom of the page)
See, plain input validation is not something that the NSA is great at. So do not take it for granted.
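Added example, not code from the original post or from the NSA site: a Python sketch of why the URL above works and how output encoding closes the hole. It assumes the page reflects `Address` into the `href` of the ACCEPT link; the templates and function names are hypothetical, and the scheme allow-list goes one step beyond what the post shows.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the post.
POC_URL = 'http://www.nsa.gov/notices/notic00004.cfm?Address="%20onmouseover="alert(\'boo\')'


def address_param(url):
    """Decode the Address query parameter the way the server receives it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["Address"][0]


def render_unsafe(address):
    # Assumed vulnerable template: the value is pasted into a quoted attribute
    # as-is, so a double quote in the value ends the attribute early.
    return '<a href="' + address + '">ACCEPT</a>'


def render_safe(address):
    # Allow only relative or http(s) targets, then HTML-encode the value so
    # quotes stay inside the attribute instead of terminating it.
    if urlsplit(address).scheme not in ("", "http", "https"):
        address = "#"
    return '<a href="' + escape(address, quote=True) + '">ACCEPT</a>'


class AnchorAttrs(HTMLParser):
    """Collect the attribute names a browser-like parser sees on <a> tags."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names.extend(name for name, _value in attrs)


def anchor_attribute_names(markup):
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names


if __name__ == "__main__":
    value = address_param(POC_URL)
    print("unsafe:", anchor_attribute_names(render_unsafe(value)))
    print("safe:  ", anchor_attribute_names(render_safe(value)))
```

Parsing the rendered markup, rather than eyeballing it, is also a handy regression test: the encoded version must expose exactly one attribute on the link.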