The Cupcake Paradigm

2010-02-11 22:02:22

Or, what we can learn about marketing from cupcakes.

Living in a household with numerous roommates, food items tend to appear and disappear by the minute. Recently, a tray of cupcakes appeared (thanks, Karma) and I observed them disappear over the next day.

I started noting geometric patterns with which the cupcakes would be consumed.

Color, placement, and little plastic ring style determined their rate of consumption. For example, the red cupcakes went much faster than the purple ones. Also, the cupcakes with no plastic rin





...

Microsoft's attack on humanity

2010-01-16 15:01:50

You may have read recently how Google's China division was attacked by Chinese nationalists to locate political dissidents, spurring Google to refuse to keep censoring their search results in China.

This is an interesting topic in itself, but I want to talk about the security exploit used: the 0-day exploit, "Aurora," used against Microsoft Internet Explorer, which caused this whole fiasco.

Yet again IE screws up big time. Why Google employees were using IE is beyond me, but it highlights just another disaster caused by the buggy IE.




...

Spam Study

2009-12-03 02:12:21

Last year, I started a study. I wanted to observe comment spammers in their natural environment, see how they function, how they move, and every other bit of data I could possibly find.

So, I set up a spam trap: a fake comment form rigged to collect data. Here are the results.

1) These bots found my comment form via a robots.txt Disallow statement, or via a rel="nofollow" link, meaning they intentionally look for things that web developers don't want scanned.

2) Only one out of the nearly 2,000 spammers had JavaScript enabled.




...

An open letter to banking institutions

2009-11-27 19:11:05

Dear assorted banking institutions, specifically those with online banking.

Please stop putting absurd restrictions on password length or permitted characters.

Recently, I changed banks, from who to who will remain private, but suffice it to say that I have now experienced three separate banking websites.

In each case, the password length was restricted to less than 10 characters, and only alphanumeric characters were permitted; in other words, a-z, A-Z, and 0-9.

In one particularly bad case, the password was limited to 7 alp







...

Automatic Digg Hack

2009-09-18 17:09:07

From the same guy who brought the AutoStumbler I bring you the AutoDigger!

I reported the issue, and it has been corrected, meaning I get to publish!

The exploit works on the same principle as before: a common XSS keyhole located in the search engine allows for automatic submission of the "Digg It" action.

Granted, the code I made for this exploit was much nicer than before: it was based on AJAX as opposed to iframes, and used referrer spoofing in the AJAX headers.

The exploit works like th







...

