Sunday, January 11, 2009

Best of this Week Summary 29 December - 11 January 2009

  • Interesting comparison of whether and when to use SOAP or REST.

  • OpenSocial now has Java, PHP, Ruby and Python client libraries available.

  • PKI that uses MD5 as its cryptographic hash function was officially broken a few weeks ago at the hackers convention Chaos Communication Congress 2008. As mentioned in the article, six Certificate Authorities still give out MD5-signed certificates. It has been known since 2004 that MD5 collisions can be created for different data. Therefore, certificates should be signed using at least SHA-1 as the hash function. Here's a summary of what an MD5 collision is and what Mozilla and Microsoft issued as advisories. Additionally, some (other) SSL issues are described.

  • Nice summary of lessons learned during a project using GWT, Axis and JPA. Some more comments here.

  • Paper by Kate McKinley (a researcher at iSEC Partners, a San Francisco security firm) on the privacy protection mechanisms of Firefox, Chrome, IE and Safari. Conclusion: "We find current browsers are unable to extend tracking protection to third party plug-ins such as Google Gears and Adobe Flash. Some of these require no user prompting under common configurations and even expose tracking data saved with one browser sites visited by a different browser. [...] Safari on Windows fared the worst of all in these tests with respect to private browsing, and did not clear any data at all, either before entering or after exiting the private mode. On OS X, Safari’s behavior was quirky; in no case was the HTML 5 database storage cleared before or after private browsing."
