Digests » 195
this week's favorite
The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer walks into a bar.
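The automated side of that use case, as an added example that is not part of the Big List of Naughty Strings project: a small harness that feeds each string to a function under test and records both crashes and outputs that fail a safety oracle. The strings below are constructed samples in the spirit of the list, not the list itself; in practice you would load the repository's blns.json. The two escapers (`escapeHtml`, a correct one, and `badEscape`, which forgets the double quote) are hypothetical functions under test.

```javascript
// Constructed samples in the style of the list (not the real blns.json).
const NAUGHTY_STRINGS = [
  "",                                  // empty input
  " ",                                 // whitespace only
  "\u0000",                            // embedded NUL
  "'; DROP TABLE users; --",           // SQL-injection shape
  "<script>alert(1)</script>",         // HTML/script injection
  "\"><img src=x onerror=alert(1)>",   // attribute break-out
  "${7*7}",                            // template-injection shape
  "%s%s%s%n",                          // format-string shape
  "\u202Egnp.exe",                     // right-to-left override
  "ﬁ",                                 // ligature that expands under case folding
  "💩",                                // astral-plane code point
  "A".repeat(10000),                   // long input
];

// Hypothetical functions under test. escapeHtml handles every metacharacter;
// badEscape forgets '"' and "'", which breaks attribute contexts.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}
function badEscape(s) {
  return s.replace(/[&<>]/g, c => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;" })[c]);
}

// Oracle: output is safe to place in a quoted HTML attribute only if no
// unescaped metacharacter survives.
function isAttributeSafe(out) {
  return !/[<>"']/.test(out);
}

// Feed every string to `fn`. A thrown exception is a finding in its own
// right (the list exists to shake those out); an output the oracle rejects
// is a second kind of finding. Returns { passed, failures: [{input, reason}] }.
function runNaughtyStrings(fn, oracle, inputs = NAUGHTY_STRINGS) {
  const failures = [];
  for (const input of inputs) {
    let out;
    try {
      out = fn(input);
    } catch (e) {
      failures.push({ input, reason: `threw ${e.name}: ${e.message}` });
      continue;
    }
    if (!oracle(out)) failures.push({ input, reason: "oracle rejected output" });
  }
  return { passed: failures.length === 0, failures };
}

// Report for both escapers when run as a script.
function report() {
  for (const [name, fn] of [["escapeHtml", escapeHtml], ["badEscape", badEscape]]) {
    const r = runNaughtyStrings(fn, isAttributeSafe);
    console.log(name, r.passed ? "PASS" : `FAIL (${r.failures.length})`);
    for (const f of r.failures) console.log("  ", JSON.stringify(f.input), "->", f.reason);
  }
}
report();
```

The oracle is where the value lies: without one, the harness only catches crashes, and most input-handling bugs (the `badEscape` case above) do not crash, they silently emit something dangerous.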
In 1999, armed with a brand new copy of Metrowerks CodeWarrior and a PowerMac running Mac OS 8.5.1, I wrote a basic implementation of Minesweeper to test out the PowerPlant application development environment. It’s the oldest project of mine that I’ve kept, so I wanted to see if I could get it running again for the first time in 17 years.
When building applications that display untrusted content, security designers have a major problem: if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and the user will be none the wiser.
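The web-application version of that problem, as an added example (not code from the linked article): the application's own pages refuse to be framed, so an attacker page cannot crop or overlay the real UI, and untrusted HTML is drawn inside a sandboxed iframe whose border and label the application controls. The header names and the `sandbox`/`srcdoc` attributes are real browser features; the panel styling, label text and helper names are choices made for this example.

```javascript
// Headers for the application's own pages, which are assumed never to need
// embedding by other sites. frame-ancestors is the current mechanism;
// X-Frame-Options is the legacy fallback for browsers without CSP support.
function antiFramingHeaders() {
  return {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
  };
}

// srcdoc is an attribute, so its value is attribute text: an unescaped '"'
// in the untrusted HTML would close the attribute and let the attacker write
// markup into the host page, outside the sandbox. '<' and '>' are escaped as
// well so the value cannot be misread as host markup by sloppy consumers.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Render untrusted HTML in a sandboxed frame. An empty sandbox attribute
// disables scripts, forms, plugins, top navigation and same-origin access,
// and srcdoc gives the frame an opaque origin. The red border and label are
// drawn by the host page, not by the untrusted content.
function renderUntrusted(untrustedHtml, label = "Untrusted content") {
  return (
    `<div class="untrusted-panel" style="border:2px solid #c00;padding:4px">` +
    `<div class="untrusted-label">${escapeAttr(label)}</div>` +
    `<iframe sandbox="" referrerpolicy="no-referrer" ` +
    `style="width:100%;height:300px;border:0" ` +
    `srcdoc="${escapeAttr(untrustedHtml)}"></iframe>` +
    `</div>`
  );
}

// Test helper: extract the raw srcdoc attribute value from rendered markup,
// or null if the attribute is missing.
function srcdocValue(rendered) {
  const m = /srcdoc="([^"]*)"/.exec(rendered);
  return m ? m[1] : null;
}

// Demo with a constructed hostile payload that tries to break out of the
// attribute and run script in the host page.
console.log(renderUntrusted('"><script>alert(document.cookie)</script>'));
console.log(antiFramingHeaders());
```

The caveat the article's point implies: the sandbox keeps the attacker's pixels inside the box, but nothing stops those pixels from looking like a password prompt or a "Confirm" button. The host-drawn border and label are the user's only cue, so the panel must never be allowed to resize, scroll or overlap into application chrome, and the application should never place its own controls where untrusted pixels could be mistaken for them.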
On 2016-11-28 it was brought to our attention that we were unintentionally exposing email addresses and phone numbers of users that filled out a Developer Story. The information wasn't actually printed to browsers, but was present in the page's HTML source markup. The bug causing this existed since the Developer Story private beta, but was actually exposed once the beta period switched to public on 2016-10-11.
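The defensive pattern behind that class of bug, as an added example that is not Stack Overflow's code: the announcement says only that the fields were in the HTML source, not how they got there, so this example assumes, for illustration, that the profile record was serialised wholesale into the page for client-side scripts, a common way fields that are never rendered still reach view-source. The record, field names and opt-in flags are constructed for the example.

```javascript
// Constructed sample record. Contact fields are private unless the user
// has opted in to showing them (assumed flags showEmail / showPhone).
const profile = {
  id: 42,
  displayName: "Ada",
  headline: "Systems engineer",
  email: "ada@example.com",
  phone: "+1 555 0100",
  showEmail: false,
  showPhone: false,
};

// Before: serialise the whole record for client-side scripts. The browser
// displays only displayName and headline, but view-source shows everything.
function renderStoryBefore(p) {
  return `<script>window.__profile=${JSON.stringify(p)}</script>`;
}

// After: build an explicit public view model. A field reaches the page only
// if it is on the allow-list or its opt-in flag is set; anything added to
// the record later is withheld by default rather than leaked by default.
const PUBLIC_FIELDS = ["id", "displayName", "headline"];
function toPublicView(p) {
  const view = {};
  for (const k of PUBLIC_FIELDS) view[k] = p[k];
  if (p.showEmail) view.email = p.email;
  if (p.showPhone) view.phone = p.phone;
  return view;
}

// JSON placed inside <script> must also have '<' escaped, or a "</script>"
// inside a user-controlled field such as headline ends the script block.
// Same code path as the leak, so the fix is incomplete without it.
function safeJsonForHtml(obj) {
  return JSON.stringify(obj)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}
function renderStoryAfter(p) {
  return `<script>window.__profile=${safeJsonForHtml(toPublicView(p))}</script>`;
}

// Regression check for a test suite: which withheld contact fields appear
// anywhere in the rendered markup? Returns an array of field names.
function leaksPrivateFields(markup, p) {
  const leaked = [];
  if (!p.showEmail && markup.includes(p.email)) leaked.push("email");
  if (!p.showPhone && markup.includes(p.phone)) leaked.push("phone");
  return leaked;
}

console.log("before:", leaksPrivateFields(renderStoryBefore(profile), profile));
console.log("after: ", leaksPrivateFields(renderStoryAfter(profile), profile));
```

The check tests the rendered bytes rather than the template, which is the only place the bug in the announcement was visible: the rendered page looked correct, and only the source was wrong.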