Some public notes

Instagram leaves its users open to a simple phishing attack

Back in the day when the British had a penchant for conquering the world, they ran into a little problem on the subcontinent; cobras. Turns out there were a hell of a lot of the buggers wandering around India and it also turned out that they were rather venomous which

People using target=’_blank’ links usually have no idea about this curious fact: ¶ The page we’re linking to gains partial access to the…

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content injection issues that may exist on GitHub.com itself. We have been tackling this side of the problem over the past few years and thought it would be fun, and hopefully useful, to share what we have been up to.

Securing your node application.

Tracking the FREAK Attack

requireSafe proactively audits your third-party Node.js modules and alerts you to security vulnerabilities.