Posts Tagged ‘security’

Persistent Postcode

Tuesday, April 27th, 2010

How does a website hosting a search for used cars already know my postcode?

I was a little confused about this, but the answer is obvious – yes I had used this search service before. In fact the basic search criteria could be easily pre-populated from data already persisted to my machine. The website in question utilizes Adobe Flash Player technology and a quick trip to their Settings Manager helped me understand what was going on. In my case the feature was quite convenient, but it is certainly behaviour to be aware of if you are using a shared machine.

My new best friend: netstat -b

Thursday, April 15th, 2010

A few days ago, the network interface on my system ground to a halt. The arp and netstat commands suggested something strange might be going on, but I really needed to correlate the network connections with the system processes. I then discovered the -b flag for netstat (on Windows XP) which does exactly this, and helped me to isolate the problem.

More information on netstat and the -b flag is available here: http://commandwindows.com/netstat.htm

Identity theft in web applications

Tuesday, January 19th, 2010

I found this article in a BCS security newsletter that I received in my inbox this morning.

It provides an interesting angle on the testing (checking) of web applications, as even a seemingly trivial deployment may be exploited as part of a system attack.


Dangerous coding errors revealed

Friday, January 23rd, 2009

I was sent this link this week by fellow Test Architect, Alasdair Paton.

Dangerous coding errors revealed

25 of the most dangerous bugs in software as defined by the US National Security Agency (NSA). The question Alasdair posed was how many of these had I found? I also wondered how many we actually go looking for?
I could see about 6 or 7 that we see regularly and actively look for.

Thoughts?