Back in April, we announced: Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode. This is true, but it’s perhaps a little misleading, based on some of the tweets we’ve seen: What isn’t mentioned inContinue reading “Chrome Field Trials”
Author Archives: ericlaw
Stealing your own password is not a vulnerability
By far, the most commonly-reported “vulnerability” reported to the Chrome Vulnerability Rewards program boils down to “I can steal my own password.” Despite having its very own FAQ entry, this gets reported to the VRP at varying levels of breathlessness, sometimes multiple times per day. You can see this “attack” in action: Yes, it’s true,Continue reading “Stealing your own password is not a vulnerability”
Speaking at DevReach 2017
I’ll be delivering two talks (about HTTPS and Fiddler) at the DevReach 2017 conference in Sofia, Bulgaria. It’ll be fun to get back to Europe, and I’m looking forward to seeing old friends and colleagues. Hope to see some of y’all there! -Eric
Working with “Big Data” in .NET
For simplicity (and because I didn’t know any better at the time), Fiddler uses plain public byte[] array fields to represent the request and response bodies. This makes working with the body data trivial for authors of extensions and FiddlerScript, but it also creates significant shortcomings. Using fields rather than properties improves performance in some scenarios,Continue reading “Working with “Big Data” in .NET”
Fiddler And LINQ
Since moving to Google at the beginning of 2016, I’ve gained some perspective about my work on Fiddler over the prior 12+ years. Mostly, I’m happy about what I accomplished, although I’m a bit awed about how much work I put into it, and how big my “little side project” turned out to be. It’sContinue reading “Fiddler And LINQ”
text/plain 