Comments for plip blog

Comment on Lifehacker on Passwords by mrjones

mrjones — Thu, 02 Sep 2010 17:21:16 +0000

Wangston - Excellent point! My hackles may have been prematurely raised when I read the article. Indeed, the XSS scenario you describe is exactly how the Jira/Apache hack was executed. However, I still feel there's a level of sophistication for a good XSS hack that's different then a script kiddie brute force.

Comment on Lifehacker on Passwords by wangston

wangston — Thu, 02 Sep 2010 16:16:28 +0000

you don't need local access to steal cookies. many/most XSS attacks allow the attacker to steal cookies remotely. there are also a lot of MITM attacks you can use to steal cookies (if i control your DNS, then you send me your cookies!)

Comment on Thermodynamics (video) by Hans

Hans — Thu, 19 Aug 2010 02:07:59 +0000

But it is very smooth… The thermodynamic substance that is :')

Comment on Baby Spider Pictures by Hairy Dog

Hairy Dog — Wed, 30 Jun 2010 17:03:39 +0000

Very nice. Lucky to find both the mother and the babies.

The dog water bowl for a fill light is 'brilliant' :)

Comment on Simpson's For Ever by mr jones

mr jones — Wed, 03 Mar 2010 22:28:19 +0000

cool!

Comment on Simpson's For Ever by mrjones

mrjones — Wed, 03 Mar 2010 22:27:18 +0000

works!

Comment on Simpson's For Ever by mr jones

mr jones — Wed, 03 Mar 2010 22:26:35 +0000

testing comments

Comment on Keep those passwords safe by mrjones

mrjones — Wed, 03 Mar 2010 22:16:47 +0000

Mike - Thanks for the comment! DropBox is a known quantity, not specifically a weak link. Let's assume they're a so-so company and their security is only so -so (I think they're great though!). This "so-so" security is totally OK because KeePass implements real encryption way above and beyond what DropBox will ever provide. For us, DropBox is less secure storage and more a rich man's rsync between our work computer, home computer and smartphone. It even has a web interface so we can use it on a friends computer with out installing anything. A very rich man's rsync, indeed!

Comment on Keep those passwords safe by Mike Smith

Mike Smith — Wed, 03 Mar 2010 15:50:13 +0000

Is dropbox the weak link here? Drop box does not seem very secure to me. What would stop someone from hacking dropbox and then they have your password file?

Comment on Another Very Poor Man's Google Analytics Post by mrjones

mrjones — Mon, 01 Mar 2010 06:27:03 +0000

Hah – no, the blog has only been up for…um…9 months? No! Goodness! It's been a year almost to the day! I imported all the old "posts" from the news system I wrote into wordpress. My first post was Feb 24th, 2009. How apropos that on the 27th I wrote about the top posts which likely span the last year. Hah!