Did you know that you can now bring your avatar with you when you log into Passport?
Gravatar provides users with a globally recognized avatar. If you already have a Gravatar account, you need not do anything else; we’ve taken care of everything. If you don’t have a Gravatar account, you’ll still see a randomly generated Gravatar. Everyone wins.
Software security is a big deal (167 million LinkedIn user account details are currently for sale on the dark web). Most applications fail to secure user data sufficiently, leaving them vulnerable to attacks resulting in dire consequences.
To combat this issue, we are excited to announce the release of our complete 2016 Guide to User Data Security. The guide compiles everything our development team knows about server and application security and delivers step-by-step code to help you secure your user data. It covers key concepts such as server architecture, firewalling, intrusion detection, password security, two-factor authentication, social hacks, SQL injections and more.
Recently, I was working with a customer that had a URL slip through CleanSpeak’s URL filter. The URL looked something like this:
The trick this user employed to get around our URL filter was using the Unicode character “。” (code point 0x3002 or UTF-8 0xE38082). This character looks like a period but wasn’t in the list of valid URL separators that CleanSpeak handles.
My initial thought was to simply add the character to the list. That required me to look up the Unicode code point for it first. I then realized that there were a ton of other characters that also looked like periods. In order to properly handle this, I’d need to add all of them to the list. I also noticed that there were numerous other characters someone could use to trick the URL filter like arrows, pictures and symbols.
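One way a filter can handle the whole class of look-alike separators instead of enumerating them, shown as an added example (this is not CleanSpeak's code or the fix the post goes on to describe): NFKC-normalize the message, fold every non-ASCII punctuation or symbol character to `.`, then run the ordinary URL match. It goes beyond the period case to the arrows and symbols mentioned above; the function names and the three-entry TLD list are assumptions for the demo.

```python
import re
import unicodedata

# Constructed, deliberately tiny TLD list; a production filter would load a full one.
TLDS = ("com", "net", "org")
URL_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:%s)\b" % "|".join(TLDS), re.IGNORECASE)


def fold_separators(text):
    """Return text with look-alike separators collapsed to an ASCII '.'.

    NFKC maps compatibility forms to their plain equivalents (fullwidth
    letters to ASCII, U+FF0E and U+2024 to '.'). U+3002 has no such mapping,
    so any remaining non-ASCII punctuation (P*) or symbol (S*) character is
    folded to '.' by general category instead of by an enumerated list.
    ASCII punctuation is left alone so words like "e-com" are not rewritten.
    """
    out = []
    for ch in unicodedata.normalize("NFKC", text):
        if ord(ch) > 0x7F and unicodedata.category(ch)[0] in "PS":
            out.append(".")
        else:
            out.append(ch)
    return "".join(out)


def find_hosts(text):
    """Hostnames the URL pattern matches once separators are folded."""
    return [m.lower() for m in URL_RE.findall(fold_separators(text))]


if __name__ == "__main__":
    # Constructed sample messages.
    for msg in ("visit example\u3002com", "example\u2192com", "the e-com team"):
        print(repr(msg), "->", find_hosts(msg))
```

Folding by general category trades some false positives (for example, a CJK sentence that ends right before a word such as "net") for not having to maintain a list of look-alikes, so matches are better queued for review than rejected outright.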