Some interesting news in Astronomy this week: the discovery of the hottest known planet [The Economist] and pictures of the oldest light sources yet discovered [The New Scientist]. 10:52:36 PM      

The Open Web Application Security Project has release a list of the top 10 security vulnerabilities affecting web applications [OWASP]. This guide is targeted at web application developers.

The security issues raised here are not new. In fact, some have been well understood for decades. Yet for some reason, major software development projects are still making these mistakes and jeopardizing not only their customers’ security, but also the security of the entire Internet.

The way they say it here, they seem surprised that developers are making the same mistakes over and over again. Well, it really comes as little surprise to me. Most web developers don't know a whole lot about security; they figure things out as they go along. There is no cookie cutter recipe for building applications of any sort and even less when it comes to web applications. When a development team goes about building a web application, the knowledge that is brought to bare on the problem is diverse and in no way guaranteed to be "complete". Therefore, mistakes are made and made again in a continuously repeating cycle.

Anyhow, documentation like this can only help. It at least provides a simple checklist that developers can use when working on a project to help them avoid the most common security problems. 10:46:16 PM      

The RIAA and MPAA have finally managed to get Sharman Networks, the parent company of Kazaa, into a court under U.S. jurisdiction [ArsTechnica]. They've been trying for a while now but have been unable to do so since Sharman is based out of Australia. I'll try to keep you posted as the story develops. 10:24:54 PM