I will collect some of my thoughts about the current beta 2 of Internet Explorer 8 [1] I have noticed during IE8 community roundtable [2] last week:
Posted by Michael Schwarz on Monday, September 1, 2008
In my last post [1] I wrote about how you can use sockets in Silverlight 2 beta 1 [1]. Well, when publishing my application to a Internet domain the code didn't work. I always get a socket exception: error code 10013, access denied. I have put an example online at http://frankfurt.schwarz-interactive.de:4510/test.aspx [2].
Posted by Michael Schwarz on Saturday, March 8, 2008
Today I opened the turkish version of Google [1] and did a search for something I cannot remember. The thing was that I didn't hit enter, instead I clicked on the button Google'da Ara. What I noticed then was that the ' was not correct url encoded. Hm, nothing you have to care about. But after clicking on a link to a blog from the search results I found the same wrong url encoded url in the who is linking me section. While reading the page I had the idea to do some more testing with the apostrophe (or a quote).
Posted by Michael Schwarz on Wednesday, April 11, 2007
There are a couple of web sites reporting about security issues that hackers can use to invoke AJAX methods or use the JSON output to get data from other web applications. Specificallly, these attacks use HTTP GET requests invoked via an HTML <script src=""> include element to circumvent the "same origin policy" enforced by browsers (which limits JavaScript objects like XmlHttpRequest to only calling URLs on the same domain that the page was loaded from), and then look for ways to exploit the JSON payload content. The use of HTTP POST is only working if you are in the same domain, which does not mean this is not a dangerous security issue if used in web sites where different users can access data (i.e. spaces.live.com, blogger.com,...); there it is very easy to run HTTP POST with XmlHttpRequest object in the same domain (see Google XSS bug [1]).
Posted by Michael Schwarz on Saturday, April 7, 2007
In the past you may have heared about more and more security bugs on well-known web sites you use maybe more often a day. Below there are some tips you should have in mind when browsing:
Posted by Michael Schwarz on Tuesday, January 16, 2007
On next Tuesday I will talk at the .NET User Group in Munich / Germany [1] about following topics:
Posted by Michael Schwarz on Wednesday, January 10, 2007
During the weekend I found an script error on the Google pending members web page. Because I was using the new Google groups beta interface I didn't looked on it. But today the script error still occurs and I noticed the same error on the older version, too. I had a look inside the generated html output and found that there was a script tag that was not closed, ah, it was a membership request message.
Posted by Michael Schwarz on Monday, December 4, 2006