http://simonwillison.net/2024-01-27T22:08:35+00:00Simon Willison2024-01-27T22:08:35+00:002024-01-27T22:08:35+00:00https://simonwillison.net/2024/Jan/27/interview/#atom-tag

<p><strong><a href="https://www.theregister.com/2024/01/24/willison_ai_software_development/">Simon Willison interview: AI software still needs the human touch</a></strong></p> Thomas Claburn interviewed me for The Register. We talked about AI training copyright, applications of AI for programming, AI security and a whole bunch of other topics. <p>Tags: <a href="https://simonwillison.net/tags/interviews">interviews</a>, <a href="https://simonwillison.net/tags/the-register">the-register</a>, <a href="https://simonwillison.net/tags/ai">ai</a>, <a href="https://simonwillison.net/tags/generative-ai">generative-ai</a>, <a href="https://simonwillison.net/tags/llms">llms</a></p>

2004-11-22T08:32:08+00:002004-11-22T08:32:08+00:00https://simonwillison.net/2004/Nov/22/xss/#atom-tag

<p id="p-0">Here's a nasty one: popular tech news site <a href="http://www.theregister.co.uk/">The Register</a> was hit on Saturday by <a href="http://www.theregister.co.uk/2004/11/10/bofra_worm/">the Bofra exploit</a>, a nasty worm which uses an iframe vulnerability in (you guessed it) Internet Explorer to install nasty things on the victim's PC. Where it gets interesting is that the attack wasn't against the Register themselves; it came through their third party ad serving company, Falk AG.</p> <p id="p-1">This is a classic example of a <a href="http://en.wikipedia.org/wiki/XSS">cross site scripting</a> attack, in which malicious client-side code (usually JavaScript) is uwittingly served up by an otherwise innocent site. Usually, cross site scripting is caused by a badly written server-side application failing to properly escape data sent in a query string before displaying it on a page. This allows attackers to create links which, when followed, steal cookies or cause other nasty effects for the user following the link. Attacks on third parties with scripts served up on a target website's pages (ad serving companies are a classic example) are less common but much more damaging as the malicious code involved will be distributed to everyone who visits that site, whether they click on a hostile link or not.</p> <p id="p-2">This problem isn't restricted to ad servers; any service where web pages point to a JavaScript file hosted on an external site are potentially at risk should the external site be compromised by crackers or abused by its legitimate owner.</p> <p id="p-3">An aside: users of alternative browsers (<a href="http://www.getfirefox.com/">Get Firefox!</a>), as well as those who had upgraded to Windows XP Service Pack 2, were unaffected.</p> <p>Tags: <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/the-register">the-register</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>

2002-07-04T18:42:57+00:002002-07-04T18:42:57+00:00https://simonwillison.net/2002/Jul/4/palladium/#atom-tag

<p>Via <a href="http://boingboing.net/2002_07_01_archive.html#85221304" title="What is Palladium?">Boing Boing</a>: <a href="http://vitanuova.loyalty.org/2002-07-03.html">Seth Schoen's notes on Palladium</a> after a meeting with Microsoft. Cory Doctorow points out that <q cite="http://boingboing.net/2002_07_01_archive.html#85221304">Seth is probably the most knowledgeable tech person to have been briefed on Palladium by MSFT without signing an NDA</q> and his post certainly makes interesting reading. Palladium has had a lot of coverage since the <a href="http://www.msnbc.com/news/770511.asp?cp1=1">Newsweek article</a> announcing it first broke, with Robert Cringely providing <a href="http://www.pbs.org/cringely/pulpit/pulpit20020627.html" title="I Told You So">some of the best analysis</a> (in my opinion at least). The Register also has a <a href="http://www.theregister.co.uk/content/4/26037.html" title="Palladium tech up for discussion, says MS security chief">story about Palladium</a> which introduces some more information and guestimates on a shipping schedule.</p> <p>Tags: <a href="https://simonwillison.net/tags/boingboing">boingboing</a>, <a href="https://simonwillison.net/tags/microsoft">microsoft</a>, <a href="https://simonwillison.net/tags/palladium">palladium</a>, <a href="https://simonwillison.net/tags/robert-cringely">robert-cringely</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/the-register">the-register</a></p>