Tuesday, June 25, 2013

Firefox 22 is Available

It may not be announced yet, but you can already get the binaries from their FTP servers.

The release notes list all changes implemented in this version:
  • Windows: Firefox now follows display scaling options to render text larger on high-res displays
  • WebRTC is now enabled by default!
  • Mac OS X: Download progress in Dock application icon
  • HTML5 audio/video playback rate can now be changed
  • Social services management implemented in Add-ons Manager
  • asm.js optimizations (OdinMonkey) enabled for major performance improvements
  • Improved WebGL rendering performance through asynchronous canvas updates
  • Plain text files displayed within Firefox will now word-wrap
  • For user security, the |Components| object is no longer accessible from web content
  • Improved memory usage and display time when rendering images
  • Pointer Lock API can now be used outside of fullscreen
  • CSS3 Flexbox implemented and enabled by default
  • New Web Notifications API implemented
  • Added clipboardData API for JavaScript access to a user's clipboard
  • New built-in font inspector
  • New HTML5 <data> and <time> elements
  • Known issue: scrolling using some high-resolution-scroll aware touchpads feels slow (829952)

Thursday, June 13, 2013

OWASP Top Ten Web Application Security Risk 2013

OWASP has released an update to its Top Ten Web Application Security Risks. The previous version was released three years ago, in 2010.

Injection is still considered the top risk for any web application. Broken Authentication and Session Management is now in second position, followed by XSS, which moves down from second. CSRF drops to eighth position and Security Misconfiguration moves up to fifth.

Here is the complete Top Ten list:
  • A1 Injection
  • A2 Broken Authentication and Session Management
  • A3 Cross-Site Scripting (XSS)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration
  • A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
  • A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF)
  • A9 Using Known Vulnerable Components (new but was part of 2010-A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards
Get the PDF version

Sunday, June 09, 2013

Community Service Learning Program

Tomorrow the students will start their community service learning program in Banjaroya, Kulon Progo for one month. This year, the service learning program in UKDW is split into two areas: Kulon Progo and Tobelo, Halmahera, North Sulawesi. The ANU students will go to Tobelo, while the HK students will go to Kulon Progo.

I wish the best for them and hope everything works as intended and the students can learn something from the local people about local wisdom.

I became the coordinator for this year's YKFS V (Yogyakarta Kampung Field School) program, as last year's coordinator has now become the coordinator in Tobelo. This gives me a chance to get more experience managing a lot of people together to complete this program by next month.