The Tea and Biscuit infographic from Green Hat Design in the UK shows avid dunkers of biscuits the proper timing to keep their favorite snacks in the tea or coffee to conquer floppage and avoid the disappointment of contamination! Also available as a high-resolution PDF.

via Cool Infographics – Blog.

Posted on February 10, 2012 by Brad Friedman

HubSpot has put together this great Infographic on the history of marketing. Take a look at how technology has changed the way marketers do their jobs, how consumers have responded (not always so favorably).

via The History of Marketing (An INFOGRAPHIC) | The Fried Side.

plastic bottle carrier by ka-lai chan ‘bottled’ by ka-lai chan

In certain cities, supermarkets are encouraging patrons to return their recyclable PET bottles by offering them a rebate.

Tapping into this incentive and the hassle of having to carry a large quantity of empty bottles, netherlands-based designer ka-lai chan has come up with ‘bottled’, a carrier which makes this task a lot easier and more efficient.

The flat rubber-like disk has a ten openings whereby one can easily slip the nozzles of the empty bottles through the holes.

the lightweight design has a built-in handle making it user-friendly to carry around, encouraging green behavior.

via plastic bottle carrier by ka-lai chan.

remove app deletes unwanted passersby from photos

‘remove’ app by scalado lets users remove unwanted objects from photos

‘remove’, a smartphone app developed by mobile imaging technology innovators scalado, automatically highlights and removes unwanted objects like cars or passersby from a captured photo.

Upon pressing the shutter button, the app actually snaps multiple pictures in a row in order to assess the ‘real’ background, without passersby. clicking ‘remove’ automatically displays the composited shot without the objects that the app has detected to be removable; users may also toggle to another screen that allows them to handselect which details to remove or keep from each frame. users may also load and retweak previous captures at any time.

via remove app deletes unwanted passersby from photos.

Five Steps To Solving the Mobility Security Puzzle Policy by Joel Snyder

1. Policy: Create a policy that covers the device life cycle, from selection to recovery.
2. Data in Motion: Data In Encrypt all data over cell and WiFi networks. Use VPN clients or application layer encryption.
3. Data at Rest: Data at Encrypt data stored on device. Manage cached data with 3rd party software and passwords.
4. Malware Protection: Malware Protect against malware with policy (Bluetooth, downloads) and technology (anti-malware SW).
5. Authentication: Require user authentication at points required for acceptable risk/aggravation.

OWASP SQL Injection prevention rules: Target for an attack here is the Business Database.
1) Parameterised queries – Prepared statements in Java and parameters to command statements in .NET
2) Not to implement dynamic SQL statement creation – Use stored procedures
3) Escaping All User Supplied Input

For more information on SQL injection visit OWASP

Other Entities: Encode user data to encapsulate for all other interpretors on your webserver – LDAP, JS, XML, XSLT, XPATH, LOGS and Shell script

XSS Injection:Number 2 in OWASP Top 10 – 2010
Type 1: XSS is basically script injection written in Javascript.The target is to use vulnerability within your web application to distribute intended attack to other application users. This leads the attacker to steal end users session cookie (document.cookie) and use their sessions on other sites without their knowledge. This also enables the attacker to rewrite any part of the website to collect sensitive information.

Type 2: The other way is to append a html event within a text/text area which then leads the attacker to execute XSS attack without using Javascript.

To prevent the above attacks it is very essential that the developers validate and encode data before submitting to their web application using standard Whitelist validation and implement contextual encoding based on where and how the data is being collected within a web application.

Owasp XSS Prevention Rules

RULE #0 – Never Insert Untrusted Data Except in Allowed Locations
RULE #1 – HTML Escape Before Inserting Untrusted Data into HTML Element Content
RULE #2 – Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
RULE #3 – JavaScript Escape Before Inserting Untrusted Data into HTML JavaScript Data Values
RULE #4 – CSS Escape Before Inserting Untrusted Data into HTML Style Property Values
RULE #5 – URL Escape Before Inserting Untrusted Data into HTML URL Parameter Values
RULE #6 – Use an HTML Policy engine to validate or clean user-driven HTML in an outbound way
RULE #7 – Prevent DOM-based XSS

For more information about XSS visit OWASP