Tuesday, September 30, 2008

2008-09-30 Tuesday

CSRF Flaws Found on Major Websites
"Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack"

Popular Websites Vulnerable to Cross-Site Request Forgery Attacks

Cross-Site Request Forgeries: Exploitation and Prevention
William Zeller? and Edward W. Felten?y
?Department of Computer Science
?Center for Information Technology Policy
yWoodrow Wilson School of Public and International Affairs
Princeton University

Some interesting links:

The Linux Reading List HOWTO

The Loginataka

The Unix Koans of Master Foo (Eric Steven Raymond)

The Power of a Programming Portfolio

How To Become A Hacker

Structure and Interpretation of Computer Programs - 2nd Edition (MIT Electrical Engineering and Computer Science) (Hardcover)

How to be a Programmer: A Short, Comprehensive, and Personal Summary

How To Ask Questions The Smart Way

The Unix and Internet Fundamentals HOWTO

Software Release Practice HOWTO

Eric Nelson on Windows as a Web Platform

Introducing Spring Batch

Manage component dependencies for improved system quality

Extreme Transaction Processing, Low Latency and Performance

TheServerSide Tech Brief

Java theory and practice: Are all stateful Web applications broken?

Brian Goetz - Java Theory and Practice series

Mule module "Smooks for Mule" 1.0 Released
Smooks is a Java Framework/Engine for processing XML and non XML data
(CSV, EDI etc).

Smooks can be used to:

* Perform a wide range of Data Transforms - XML to XML, CSV to XML, EDI
to XML, XML to EDI, XML to CSV, Java to XML, Java to EDI, Java to CSV,
Java to Java, XML to Java, EDI to Java, JSON to Java, JSON to XML etc.
* Populate a Java Object Model from a data source (CSV, EDI, XML, JSON,
Java etc). Populated object models can be used as a transformation
result itself, or can be used by (e.g.) Templating resources for
generating XML or other character based results. Also supports Virtual
Object Models (Maps and Lists of typed data), which can be used by EL
and Templating functionality.
* Process huge messages (GBs) - Split, Transform and Route message
fragments to JMS, File, Database etc destinations.
* Enrich a message with data from a Database, or other Datasources.
* Perform Extract Transform Load (ETL) operations by leveraging Smooks'
Transformation, Routing and Persistence functionality.

Smooks supports both DOM and SAX processing models, but adds a more
"code friendly" layer on top of them. It allows you to plug in your own
"ContentHandler" implementations (written in Java or Groovy), or reuse
the many existing handlers.

No comments: