Wastholm.com

One of the cooler features of OpenID is delegation. This means, instead of having your OpenID identifier be

yourname.myopenid.com

it can be

yourdomain.com

Much easier to remember, right? And it’s really easy to do, too! Here’s how I did it.

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.

Using just open source tools and a few tweaks, it is possible to detect and block suspicious login attempts.

RPX provides a fully managed sign-in interface that is quick and easy to add to your website. It helps the user choose a sign-in provider, and remembers their decision next time they visit your site, for a one-click login experience. The interface is available either as a JavaScript popup, or as an IFrame embedded directly into your page.

OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access. We've kept it simple to save you time.

This guide is intended for a technical audience with focus on implementation. I dedicate one section to the end-user perspective which is something I expect many others will address with mockups, user interface designs, best practices guides, and of course working services. To make the most out of this guide, keep the specification handy as I will be referencing it, walking you through the spec and adding color where needed. This guide does not replace the specification nor can it be used alone for implementation as it is incomplete.

BrowserSpy.dk

browserspy.dk/, posted 2010 by peter in development privacy security

Did you know that all websites that you visit can find out which fonts you have installed? It's also possible to find out if you have a range of programs installed. These include Adobe Reader, OpenOffice.org, Google Chrome and Microsoft Silverlight. Perhaps even which sites you have visited lately can be detected!

When you surf around the internet your browser leaves behind a trail of digital footprints. Websites can use these footprints to check your system. BrowserSpy.dk is a service where you can check just what information it's possible to gather from your system, just by visiting a website.

Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.

Google thrives where privacy does not. If you're like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google account or not, they know everything you've ever searched for, what search results you clicked on, what news you read, and every place you've ever gotten directions to. Most of the time, thanks to things like Google Analytics, they even know which websites you visited that you didn't reach through Google. If you use Gmail, they know the content of every email you've ever sent or received, whether you've deleted it or not.

...

GoogleSharing is a system that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom.

[...] we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

...

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
