Is the end of Compuserve near?

The old CompuServe* as we knew it went away about a year ago, replaced by a Prospero CMS site that looks and feels like every other big community site on the web. Today the graphic banner at the top of the pages became the Netscape banner. I know both these sites are now essentially hosted on the same (cluster of?) servers with different URLs producing different content so this could just be a CMS screw up OR it could be CompuServe's last gasp.

*If you click that link, pointing to www.compuserve.com, then examine where you wind up, you'll see CompuServe is now joined at the hip with Netscape.

Hands on security training

It's at least very hard, if not impossible, to learn how to recognize security problems in applications without seeing what they look like. Knowing how they work (what the vulnerability is) is all well and good but the practical aspect of seeing what caused the vulnerability is, to steal a phrase, priceless. To that end the Open Web Application Security Project (OWASP) has created a demonstration application called WebGoat. Why do that? Well OWASP believes that although there are plenty of live applications out there you could learn on, it isn't really advisable or ethical to attack an application without permission, regardless of your intent.

What does WebGoat do? Here's part of the description exerpted from the project home page.

WebGoat is a full J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.

IE User Interface Designer Switches to Firefox

The gentleman who did a lot of the user interface design for Internet Explorer versions 1-5 has switched to Firefox. He bares his soul on his blog as the Bill and Steve Experience shake out another double handful of Tums.

Microsoft Ain't Google

One quick question from a CNET interview with Bill Gates can give you a good feel for what Microsoft is not.

CNET: So that would be the philosophical difference between Microsoft and what Google is up to at this point?

Gates: Well, we don't know everything they are up to, but we do know their slogan and we disagree with that.

I wasn't sure what he meant by that so I went to the Google corporate info site to see what the basic principles are they espouse, with which I guess we can assume Microsoft disagrees. Under "Corporate Philosophy" I found these Ten Things (4 and 6 could be the problem) or I could see Microsoft having a problem with all of Google's Software Principles.

Of course it could lay right in the first line of the Company Overview, "Google's mission is to organize the world's information and make it universally accessible and useful." Microsoft's view is almost identical but the phrase, "only to people running Microsoft software on computers running Microsoft operating systems" would be appended.

Nothing More Need Be Said

Yes, Bush is one of the worst disasters to hit the US but that's not breaking news to anyone in the US.

The Six Dumbest Ideas in Computer Security

Here's an excellent article by Marcus Ranum about a number of seemingly logical mistakes we make when thinking about strategies for improving the security of our systems. I'll just whet your appetite with the high level. Here are Ranum's six dumbest ideas.

1. Default Permit
2. Enumerating Badness
3. Penetrate and Patch
4. Hacking Is Cool
5. Educating Users
6. Action Is Better Than Inaction