It was pointed out to me that my CSP bookmarklet was using a feature added in ECMAScript 5, Object.keys, and thus did not work in older browsers. I added a bit of code to address this: Object.keys = Object.keys || function(obj) { var keys = []; for (var key in obj) { if (obj.hasOwnProperty(key)) keys.push(key); [...]
The most beautiful thing we can experience is the mysterious. It is the source of all true art and science. He to whom the emotion is a stranger, who can no longer pause and stand wrapped in awe, is as good as dead; his eyes are closed.
Archive for the ‘Security’ Category
Update to CSP Bookmarklet
Thursday, January 20th, 2011Content Security Policy Recommendation Bookmarklet
Thursday, October 14th, 2010I wrote a bookmarklet that analyzes the content on the current page and recommends a Content Security Policy based on the types of content it finds on the page and the sources of that content. The implementation also takes into account resources that are dynamically added to the page by JavaScript. For instance, today I [...]
Hacked my DEF CON 18 badge
Friday, July 30th, 2010I was only able willing to stay for part of the first day of DEF CON this year, but I’m glad I did. One of the things they’ve done for the last five years or so is put microcontrollers in the badges, and put in little Easter eggs for people to search for. This year’s [...]
WordPress and Content Security Policy
Monday, April 12th, 2010Lately, I have been implementing the server logic for Content Security Policy in WordPress. Today, I posted my first patch to WordPress, still a work in progress, which adds an administration panel for configuring CSP. One of the features I’m rather happy with is “Suggest Policy”, which analyzes the content in the user’s blog and recommends a policy based on the content types and sources it finds.
Python AES Implementation – Update
Saturday, April 4th, 2009I fixed two bugs in my AES implementation. The first was a padding bug which resulted in the loss of up to a block of data when decrypting certain ciphertexts. The second bug was a more serious security problem caused by the use of a static initialization vector.
AES Tutorial / Python Implementation
Sunday, June 10th, 2007I put together a series of slides as well as a Python implementation of AES, the symmetric-key cryptosystem.
PyRSA – RSA in Python
Saturday, June 18th, 2005I implemented the public key cryptosystem RSA in Python. Check out the article I wrote about RSA or download the source code.
RSA Algorithm
Thursday, May 5th, 2005I wrote an article on RSA, a popular public key encryption scheme. Eventually, I am going to implement RSA in Python.