Web Development Forum

Earlier this month, security outfit FireEye’s 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day in Adobe Flash Player vulnerability (CVE-2015-3113). That campaign has been well and truly active for a while now, with attacking emails …

It all started pretty well, with the announcement by Mozilla at the end of last month that the Firefox web browser would make the Internet a safer place by encrypting everything. That's everything, even those connections where the servers don't even support the HTTPS protocol. Developers of the Firefox browser …

Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read …

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at …

Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking …

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has [warned](https://www.htbridge.com/blog/plugins_and_extensions_the_achilles_heel_of_popular_cmss.html) that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the …

A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes billion) username and passwords along with around half a billion email …

Feedly app left attack window open for malicious JavaScript hackers according to one security researcher. Security consultant and blogger Jeremy S [revealed](http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html) that the Feedly Android app, or at least the version prior to the update on March 17th 2014, had been subject to a zero-day JavaScript code injection vulnerability. …

A minor update to the 1.6 version of jQuery was just released today. After a big outcry of version 1.6's changes to the way properties work, the jQuery team quickly released version 1.6.1 to make the new techniques more compatible with the older functionality, hopefully preventing sites from breaking. The …

...and the Microsoft AJAX Library, err, and the ASP.NET AJAX Control Toolkit. Yep, Microsoft has not only finally come up with an official name for the AJAX technologies which until now have been known collectively as ‘Atlas’ but has also split it into three individual products. All are expected to …

Over the last couple of days the online media seems to have gone crazy for the news that the Google Chrome web browser client has overtaken Microsoft Internet Explorer to become the most popular browser on the planet. This based entirely upon the fact that, for a single week, and …

Everyone loves PHP these days it seems, and that includes the bad guys. So it should come as no surprise to learn that yet another remote access Trojan written using PHP has appeared. However, the fact that this particular bit of PHP backdoor code comes complete with a second, hidden, …

Most of the reports out yesterday about the release of [URL=http://www.microsoft.com/ie8]Internet Explorer 8[/URL]Beta 2 focused on its so-calledInPrivate Browsing, which leaves no trace of the Web sites you visit and protects anonymity. And while that's certainly useful, developers are likely to be more interested in its improvements in DOM and …

According to the 2009 Web Application Security Report from NTA Monitor, 90% of all web applications have at least one medium risk vulnerability and 27% have at least one high risk vulnerability. Apparently the most common vulnerabilities are those which involve SQL injection, cross-site scripting and cross-request forgery. One data …

I read a [URL="http://www.infoworld.com/d/open-source/open-source-innovation-the-cutting-edge-582"]story[/URL] this morning over at [URL="http://www.infoworld.com"]Infoworld.com[/URL] that shocked me a bit. Neil McAllister discusses how proprietary software companies, like [URL="http://www.microsoft.com"]Microsoft[/URL], criticize open source projects by saying that, "They don't innovate, they copy." Is that really the consensus for an entire software realm that brought us the [URL="http://www.w3.org"]world …

If you are a PHP, Zend or IBM fan, today Zend and IBM announce a major release for IBM i-Series Servers. Zend Technologies and IBM are working together to offer PHP solutions for IBM i customers. Today Zend announced Zend Server for IBM i, a Web Application Server for applications …

What if you had access to the millions of tweets that flow to and from Twitter users every day? Perhaps you'd build something like [url=http://www.daniweb.com/news/story240308.html]PostRank[/url], which amasses them along with other data from social media sites to trackcyber-reaction to posted articles. Or maybe you would filter them by demographic and …

Today, Tuesday November 10, 2009, [URL="http://www.novell.com"]Novell[/URL] announces a Visual Studio plugin that allows support for non-Microsoft operating systems that use .NET code development on a platform known as [URL="http://go-mono.com"]Mono[/URL] via a new product called [URL="http://go-mono.com/monovs/"]Mono Tools for Visual Studio 1.0[/URL]. This is not a cost free toolset. In fact, it's …

With all the libraries available that have emerged, Java and Ajax applications practically build themselves these days. This week Java tool maker Instantiations added support for Ext GWT to [url=http://www.instantiations.com/gwtdesigner/]GWT Designer 7.2[/url], the latest version of its Eclipse-based drag-and-drop GUI-building environment that can be had for as little as $5 …

You have to give Sony credit, they are really trying new strategies to wrestle eBook marketshare from the Amazon Kindle. This month [URL="http://news.sel.sony.com/en/press_room/consumer/computer_peripheral/e_book/release/41492.html"]they announced several new editions [/URL]of the Sony Reader, including the brand new Reader Daily Edition, which should be in stores in time for the holiday shopping season. …

In a move that could only be characterized as surprising, Sony announced last week that it was going to be using the open [URL="http://www.idpf.org/"]ePub eBook standard[/URL], which in theory should enable [URL="http://ebookstore.sony.com/reader/"]Sony Reader[/URL] users to access and use any books created around the standard. Sony Readers will also be able …

A company has been awarded a patent for providing episodic media downloads, which essentially gives it a patent on all forms of podcasting. The company, VoloMedia, calls itself the "leading provider of advertising and reporting solutions for portable media, extending the reach of video and audio from the PC to …

Research released this week by Evans Data showed that 73 percent of the market currently use or plan to adopt the [url=http://en.wikipedia.org/wiki/Spring_framework]Spring application framework for Java[/url] within the next two years. More remarkable is that 83 percent of companies with 500 or more developers use Spring, according to the study[/url]. …

I don't know the extent to which this story has crossed the shores to America, but our local friendly far-right political party the British National Party has had details of its members published on the Internet. I'm not going to rehearse their arguments for them - you know the sort …

Good IT management doesn't take place in a vacuum. If you're going to make the right decisions and lead people in ways that will make them want to follow, you need an arsenal of information. Of course, overworked CIOs and IT managers don't have time to sift through hundreds of …

Last week [URL="http://www.adobe.com"]Adobe[/URL] surprised a few people—well, at least it surprised me--with the announcement that it was including [URL="http://www.alfresco.com/"]Alfresco[/URL] content management services as part of its LiveCycle Enterprise Suite Update 1 package. The surprise was two-fold, that Adobe felt it was necessary to add content management services at all and …

[URL="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]Multiple arbitrary code execution vulnerabilities in Ruby[/URL] have been revealed by the [URL="http://www.apple.com/support/security/"]Apple Product Security[/URL] team which could lead to Denial of Service attacks. A total of five vulnerabilities have been reported, with versions impacted being: [INDENT]1.8.4 and all prior versions 1.8.5-p230 and all prior versions 1.8.6-p229 and all prior …

Web developers everywhere might be breathing a collective sigh of relief today as eBay opened its APIs, which it says will simplify the job of creating add-ons for the online auction site and integrate it with enterprise applications. But perhaps more valuable to some is the access gained to the …

If you’re a Ruby or Python developer building AJAX applications, you’ve got to learn JavaScript. Even if you’re converting Ruby code to client-side JavaScript with a tool like [URL= http://www.scribd.com/doc/220397/RJShow-it-works] RJS[/URL], it can still be helpful to know the AJAX component for adding features and debugging. Now Microsoft is promoting …

Yahoo Inc., the apple of Microsoft’s eye in recent weeks, has unveiled improvements to the [URL=http://developer.yahoo.com/] Yahoo Development Network[/URL], Web-service capabilities and advertiser opportunities. The moves could be seen as an attempt to show Yahoo’s value is greater than the US$40 billion acquisition bid of the Redmond giant. Most recent …

OK, I know that Sun Microsystems has already open-sourced the Java EE5 application server code under the auspices of its [URL="https://glassfish.dev.java.net/"]GlassFish [/URL]project, but the breaking news is that the full Java source code is to follow next. Sun has announced that the Java code will be covered by the General …

So Intel has announced, at the Web 2.0 Conference, that it is launching into the Web 2.0 space with [URL="http://www.suitetwo.com/"]SuiteTwo[/URL]. This integrated suite, courtesy of a collaboration with numerous partner companies, sees Intel positioning itself in the same way as Google does with its services. That is a collection of …

Larry Sanger may have co-founded [URL="http://www.wikipedia.org"]Wikipedia[/URL], and I say ‘may’ as Jimmy Wales seems to dispute this somewhat and prefers to refer to Sanger as merely an employee, but there is no doubt that it was Larry who came up with the name Wikipedia. A great name, it has to …