Thursday, 27th September 2007
Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge.
WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail, etc.). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks.
WordPress 2.3: Canonical URLs. Fantastic to hear that WordPress 2.3 supports this, and that they picked the right terminology for it (I’ve called the same thing “disambiguated URLs” in the past).
Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data).
DbMigration—a schema migration tool for Django. Nice and simple tool for adding schema migrations to a Django application.
Large codebases are the problem, not the language they're written in. Find a way to break/decompose big codebases into little ones.
CSS Sprite Generator. Upload a zip file of images and get back a CSS sprite plus a set of pre-calculated background image rules. Tool built by Ed Eliot and Stuart Colville for their forthcoming book “High Performance Web Site Techniques”.