I posted this over at the Mozilla Security Blog but wanted to share it here as well. I am excited to report that Content Security Policy is available for testing! We’ve been working hard on implementing the CSP spec and now the new features are ready to be put to the test.
I would like to encourage any interested parties, whether web security researchers or website administrators, to head over to Mozilla Try Server and grab a preview build of Firefox with CSP enabled:
Once you have it, you can test the core functionality of CSP at the demo page I set up on my Mozilla web space. There is a lot more information about this project there and I look forward to any feedback you have to share with me.
I fixed two bugs in my AES implementation. The first was a padding bug which resulted in the loss of up to a block of data when decrypting certain ciphertexts. The second bug was a more serious security problem caused by the use of a static initialization vector.
I published a proposal for a set of browser security features that I hope to get turned into an open web standard and implemented in a future version of Firefox. The goal is create a mechanism that allows websites to communicate security policies to the browser which dictate how web content should behave.
I wrote a Python script that converts a CIDR Block into a list of individual IP addresses, one-per-line. I found that I needed to repeat some network-related tasks across an entire subnet, and this script provides an easy way to automate these kinds of tasks in a shell environment. The source code and sample usage for the script follow:
One item to note is a key difference between the way this program computes a CIDR block and others I have seen. The lazy way to convert a CIDR block to a list of IPs is to calculate the number of IP addresses in the subnet, (2^(32 – $subnetSize)), and simply increment the base IP address that number of times. This method is deficient because, as in the example usage above, the base IP address that is specified may fall somewhere in the middle of the range of IP addresses (not necessarily at the beginning).
In my script, I calculate the CIDR block members the correct way. I am converting the base IP address to its binary form, zeroing-out the number of least significant bits as specified in the subnet size, and starting the enumeration of IP addresses at the bottom of that range.