Recently, there’s been some excitement over the discovery that some sites are (ab)using browser password managers to identify users even when they’re not logged in. This technique (I call it the “NameTag vulnerability”) isn’t new or novel, but the research showing that it’s broadly being used “in the wild” is certainly interesting1, and may motivateContinue reading “Taking Off Your NameTag”
Author Archives: ericlaw
What If?
Spoiler alert If you haven’t read For a Lark yet, please go read that first. What If? I like to think. Well, actually, I’m not sure I like to think, but I find it really hard to relax and let my brain rest… given a few minutes of idle time, I usually find myself deep inContinue reading “What If?”
Strict-Transport-Security for *.dev, *.app and more
Some web developers host their pre-production development sites by configuring their DNS such that hostnames ending in .dev point to local servers. Such configurations were not meaningfully impacted when .dev became an official Generic Top Level Domain a few years back, because even as smart people warned that developers should stop squatting on it, Google (the owner of theContinue reading “Strict-Transport-Security for *.dev, *.app and more”
For a Lark
“Happy Holidays” David said as he poked his head into my office, handing me an unwrapped holiday card featuring a kitten in a Santa hat. As I took it, I nearly dropped a small white envelope that slipped out from inside. The inscription in the card read simply “Best wishes, David – 2010.” “Uh, thanks,Continue reading “For a Lark”
Google Internet Authority G3
For some time now, operating behind the scenes and going mostly unnoticed, Google has been changing the infrastructure used to provide HTTPS certificates for its sites and services. You’ll note that I said mostly. Over the last few months, I’ve periodically encountered complaints from users who try to load a Google site and get an unexpectedContinue reading “Google Internet Authority G3”
text/plain 