PayPal Groks Security?

Original post provided by Chris Shiflett

Via Jeremiah, I see that PayPal’s new vulnerability disclosure policy includes an amnesty clause for well-intentioned security researchers:

To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all the guidelines outlined below - we will not bring a private action or refer a matter for public inquiry.

Their guidelines include some subjective language, so I’m not sure how much protection this policy actually offers. (Any lawyers want to clarify?) Here they are:

  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.

  • Allow us reasonable time to respond to the issue before disclosing it publicly.

  • Provide full details of the security issue.

PayPal also describes what not to do:

  • Potential or actual denial of service of PayPal applications and systems.

  • Use of an exploit to view data without authorization, or corruption of data.

  • Requests for direct compensation for the reporting of security issues either to PayPal, or through any external marketplace for vulnerabilities, whether black-market or otherwise.

If you’re like me, some questions come to mind. How much time is reasonable? Since data can be anything, how do we know if we view data without authorization? Don’t most people assume they’re authorized to view something if they’re allowed to view it? Does intent matter?

Questions aside, here’s hoping this is a genuine attempt to do the right thing. Thanks, PayPal.

To my fellow Americans, have a wonderful Thanksgiving holiday! To everyone else, have a nice rest of the week. :-)

Posted Wed, 21 Nov 2007 21:48:21 GMT in Chris Shiflett’s Blog
