There was a lot of significant tech news at CNET this evening, including news about Yahoo’s new CEO, Carol Bartz; future Intel price cuts on quad-core processors to compete with AMD; Microsoft fixing holes in Server Message Block; and Larry Magid’s column on the Net being less of a threat to children than previously imagined. But the story that caught my eye (OK, OK, all of the above stories ALSO caught my eye) was one about the top 25 “most dangerous” coding errors, as judged by more than 30 security experts from U.S. government agencies, multinational companies, and academia (including the National Security Agency [NSA], the U.S. Computer Emergency Readiness Team [US-CERT], Mitre, the SANS Institute, Microsoft, Apple, Oracle, and the University of California at Davis).
The full list of coding errors is available (along with an accompanying PDF for printing) on the SANS Institute (famous for the SANS [and FBI] “Top 20” security lists) Web site. Two of the coding errors alone led to more than 1.5 million Web site security breaches during 2008, and those breaches led to the computers of visitors turning into zombies. The top two coding errors were “improper input validation” and “improper encoding or escaping of output.”
Those of you in the programming biz (and the security biz) might want to give the report a very serious “read.”
-Bill at Cheshire Cat Photo™