Big List of Naughty Strings

#195 – January 22, 2017

this week's favorite

Big List of Naughty Strings

The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer walks into a bar.

Compiling a Mac OS 8 application on macOS Sierra

In 1999, armed with a brand new copy of Metrowerks Codewarrior and a PowerMac running Mac OS 8.5.1, I wrote a basic implementation of Minesweeper to test out the Powerplant application development environment. It’s the oldest project of mine that I’ve kept, so I wanted to see if I could get it running again for the first time in 17 years.

Things you probably didn’t know you could do with Chrome’s Developer Console

Chrome comes with built-in developer tools. This comes with a wide variety of features, such as Elements, Network, and Security. Today, we’ll focus 100% on its JavaScript console.

The Line of Death | text/plain on WordPress.com

When building applications that display untrusted content, security designers have a major problem—if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and a user will be none the wiser.

A Post-Mortem on the Recent Developer Story Information Leak

On 2016-11-28 it was brought to our attention that we were unintentionally exposing email addresses and phone numbers of users that filled out a Developer Story. The information wasn't actually printed to browsers, but was present in the page's HTML source markup. The bug causing this existed since the Developer Story private beta, but was actually exposed once the beta period switched to public on 2016-10-11.
