FeedDemon 2.6 Crack Available

Amazing. I've already spotted several warez sites that offer supposedly cracked versions of FeedDemon 2.6, despite the fact that FeedDemon is now free. That's right, folks - instead of safely downloading the free version from our site, you can download it from a warez site, where it may come with all sorts of bonus payloads! [read more]

Sanitizing CSS: 10 Tips for Aggregator Developers

Earlier this week I wrote about sanitizing CSS, and I've been thinking about it a bit more. Like many RSS aggregators, for security and presentation reasons the current version of FeedDemon strips all inline styles before displaying a feed, and I thought this was the best approach. But after seeing the Wikipedia feed that Sam Ruby pointed me to, I'm... [read more]

Response: On Stripping Styles for Security

Adrian Sutton blogs about the lack of CSS support in RSS aggregators, and concludes: "There has been a huge push in recent years to move away from the old habits of early HTML and to leverage CSS for presentation - the fact that it doesn't work in feed readers is a major pain for people trying to do the right... [read more]

Is Steve Jobs Giving Up on the Desktop?

Apparently a few people were surprised when I blogged about being disappointed when I heard that third-party developers wouldn't be able to build native iPhone apps. After all, I'm a Windows desktop developer, so why would I care about the iPhone? The truth is, even though I'm a desktop developer, I think the future of computing is mobile. Before long,... [read more]

Simplicity Ain't So Simple, Part VI: Simple = Secure

If you want to create software that's used by a lot of people, you already know you've got to make it simple. But if you're designing a desktop application which connects to the Internet, you've also got to make it secure. [read more]

Why do firewalls have to be such a PITA?

I'm in a ranting mood today, so it's the perfect time for me to complain about the state of firewalls. Specifically, about how they're an incredible pain for desktop developers and support technicians to deal with. Here's the deal: every single time a new version of FeedDemon is released, we get complaints that it no longer connects to the Internet.... [read more]

Kudos to Microsoft

I'll echo Sam Ruby's comments: "When the IE team screws up, it makes front page news everywhere. If life were fair, items like this one would get equal coverage." Microsoft takes a lot of crap about security, but they deserve credit for putting security first in IE7's RSS implementation. I also want to thank Microsoft's Sean Lyndersay for reaching out... [read more]

Feed Security and FeedDemon, Part III

Last month I promised to talk about the exploits that James Snell uncovered which left feed readers vulnerable to some very annoying script-based attacks. I didn't want to provide details of the exploits until other feed readers had patched them, but now that James has published his test suites, I figure it's time to open the kimono. But before I... [read more]

I Missed my Calling

Yesterday I was talking with Brent Simmons and Brian Kellner about feed security, and how you really have to think like a hacker to find vulnerabilities in your software. That reminded me of my own brief experience as a software cracker, which I told them about. See, back in the early 1990s I had a short consulting stint with a large... [read more]

Feed Security and FeedDemon, Part II

In my previous post I wrote about FeedDemon's security features, the most important of which is the fact that FeedDemon's newspapers operate in Internet Explorer's "Internet Zone" instead of the less secure local zone. This means that even if someone finds a way to trick FeedDemon into running script, it can't access the local zone (so it can't touch your... [read more]