A scary look at a link spamming tool

Rafal Los has a short, but eye-opening post on the X-Rumer link spamming tool from Russian BotMaster Labs.

This is some scary stuff and really shows that CAPTCHA is becoming less and less useful in the fight against comment spammers.

Going on vacation

My wife and I are leaving in the morning to go on a week-long vacation. It's been a while since we've done this, so we are looking forward to it. I'm sure going to miss the kids though. Our two children will be staying with my parents.

We are renting a cabin in Northern Minnesota (near Fargo, ND) and we are going to relax. It should be nice, especially with my new Kindle DX to help pass the time. I am looking forward to doing a lot of reading, and resting. We may do some fishing and boating. It should be a blast.

I was going to try to schedule some security tip posts for while I was away, but it just didn't happen. But I will probably work on some while I am away, so hopefully I will have some fresh content ready to go when I get back.

My First Impressions of the Amazon Kindle DX

This is my first ever product review, so don't expect much.

I opened up my Amazon Kindle DX last night and my first thought was that I was overwhelmed by the packaging. I had to open the outer box, tear off a paper sleeve and then open an inner box. Opening a lot of boxes makes me nervous. I think because I get the feeling that it will make it impossible to return if I can't get it all back in the way I found it.

The Kindle itself was, of course, in pristine condition. I read the instructions (no really I did), but they were short and to the point. Plug it in - Turn it on - Start to use.

Let's give stuff away corrections/fixes

Many of you who looked at my "Let's give some stuff away" post this morning probably saw only one thing (a 12robots.com t-shirt) among the available choices to win. This is because Amazon's affiliate programs web service is less than reliable, and I sometimes forget this.

Please, go take a look again. I have put in new information for the items that I will be giving away with non-affiliate links to the items.

Sorry for the confusion.

Let's give some stuff away

As an effort to promote application security awareness in the CFML community, I am going to do a little bit of giving things away. Specifically, I am going to be giving away some security related items.

As many of you know, I am very interested in Application Security. I am always trying to learn more about it and encourage others to learn more. Application Security is becoming more and more important even for our simple applications.

So to help encourage learning about application security, I am going to give away some of these security related learning materials to the good people of the CFML community who provide substantive comments on my blog.

Security Tips - Now in tasty, bite-sized pieces

In the past I have tried to make my blog posts very detailed. As a result, they tend to be long and take a very long time to write, which results in fewer entries. While this is not necessarily a bad thing, I would like to try to post more often. As a result, I have decided to start doing shorter posts that are general "tips" in secure web application development.

A Security Project for CFML

So I thought I would take a few minutes and blog about what I am working on. I don't expect anyone to care. Feel free to stop reading. I just wanted to write about something that does not require hours of research. I also wanted to just write SOMETHING, to get me back into it so that I do not become too lax in my blogging.

OWASP ESAPI for CFML

This is something that I had not really planned on talking about until it was closer to usable. But it is also something that I was hoping would be closer to usable by now.

Trying Out Balsamiq Mockups

I have been evaluating Balsamiq Mockups this week to see what it is all about and to determine if I want to try to get it at work.

Balsamiq Mockups is a tool (built with Flex and Adobe® AIR) used to mock-up site designs and layouts. It has a really easy-to-use, drag-and-drop interface with a LOT of customization options. It has a huge variety of web site elements for you to drop into your mock-ups. In about 15 minutes I was able to put together this:

I'm using CFFormProtect Now

Just wanted to make a quick post letting my readers know that I am now using CFFormProtect from Jake Munson to protect my blog from spammers without needing to use CAPTCHA.

The main reason I did this is for accessibility. Since LylaCaptcha is not accessible to blind, low vision, and possibly color-blind users, I do not feel it is an acceptable solution.

At first I was going to put in reCaptcha, but I tried it out, and the audio CAPTCHA was hard to hear. Then I saw Dan Wilson's post about CFFormProtect, so I thought I would give it a try. I will report my results in a few weeks.

Please let me know if you have any trouble with leaving comments on the blog. Hopefully this will make commenting easier.

Things to Come

As you may, or may not, have noticed, I have been quiet lately. This sucks. So here is what I am planning to blog about over the next few weeks. I am making a commitment to myself to get back on track.

1. The ColdBox projects I am working on right now (3 of them). I am really enjoying ColdBox, but I am not sure what to write about. Is anyone interested in reading about the basics? The docs are great, but maybe some would like to read about how I am doing it? Anyone? I don't want to write about ColdBox Event Handlers or Layouts & Views if no one is going to read it.

2. My generic Transfer decorator. I have, with the guidance of Mark Mandel and Bob Silverberg, created a Transfer decorator for use with business objects to help me validate and populate my beans while still managing my user input and error message feedback cleanly.

3. Ajax Security, got some reading to do on this, but it's got to be done.

4. My journey into Flex. With so much else going on, I can't imagine making time for Flex, but I am going to bFlex/bFusion this weekend, and I am not going to let it go to waste.

5. Encryption. I have been putting this one off for some time.

6. An idea for an open source project about which I am too shy to discuss just yet. I will probably be e-mailing some of the gurus to see if it seems like a good idea, or a waste of time.

Thanks everyone for reading, I appreciate you taking the time to read about what I am working on. I hope to continue delivering content (quality or otherwise).

BlogCFC was created by Raymond Camden. This blog is running version 5.9.1.