BayThreat 2012 WebSocket Presentation

BayThreat held its 2012 conference this December in Sunnyvale, CA. Yes, I was sorely disappointed it wasn’t actually in Sunnydale (with a ‘d’). My colleagues, @sshekyan and @tukharian, and I gave an overview of the security of WebSockets. The presentation slides are available now. Reading slides is always a hazardous approach to understanding a presentation. […]

HTML5 Unbound, part 3 of 4

(With the historical perspective behind us, we dive into HTML5. This series concludes on Wednesday.) Security (and Privacy) From HTML5: Most HTML5 security checklists rehash the recommendations and warnings from the specs themselves. It’s always a good sign when specs acknowledge security and privacy. Getting to that point isn’t trivial. There were two detours on […]

HTML5 Unbound, part 2 of 4

(The series continues with a look at the relationship between security and design in web-related technologies prior to HTML5. Look for part 3 on Monday.) Security From Design: The web has had mixed success with software design and security. Before we dive into HTML5 consider some other web-related examples: PHP superglobals and the register_globals setting […]

Google Darts Back to VBScript

There’s an interesting discussion evolving on the WebKit developer’s mailing list that boils down to adding VBScript support to the project. Well, almost. It’s a discussion between two major contributor camps, Google and Apple, on the framework for integrating Google’s langue du jour: Dart. To set the stage, no one on the list is arguing in […]

How web security will change with HTML5

Here’s an article with musings on potential security issues of The Web’s favorite new buzzword, HTML5. Before you get too excited about breaking the spec, consider this bit: The most dangerous security problems won’t be due to features of HTML5. Too many experienced people have been working on the specs to leave egregious errors in […]