Apparently Google Maps/Google Local has been producing some confusing and incorrect results today. Searches results contain duplicates entries but shows them on the map at different points, sometimes miles away. This blog entry describes some of the problems along with some very odd looking screenshots.

OWASP's Top Ten Web Application Vulnerabilities document, previously discussed on Slashdot, has just undergone its first major rewrite in three years. The new version, besides providing more up-to-date data, does a better job at focusing on Web application specific problems and solutions for them. Following the advice in the previous version is required by many companies and government agencies and the new version is sure to make its way into standards as well. Unless you are already certain that your web site is not vulnerable to CSRF, one of the vulnerabilities added in this new version, the document is a must-read for Web application developers.

One interesting fact to note is that none of the top 10 vulnerabilities are platform, language, OS, or framework specific. Some vulnerabilities are easier or harder to introduce in some environments, but all environments are vulnerable to them.

Another blog entry to reply to. He doesn't seem to realize that there are lots of reasonable places in between having an extremely public hacking contest with a large ($10K) reward and not having any reward. Yet he still discusses "responsible disclosure". While I'd like to believe everyone will just adopt responsible disclosure, the world isn't that way and paying people to keep their mouth shut, I mean giving them a prize, can only help.

A blog entry on password management. I want to blog about this as I strongly disagree with his statement that these trivial measures are better than using paper and pencil, at least in some circumstances. This relates to the /. article.

See my blog instead. I discuss all aspects of my geekness.