Programación en Internet

Blog de la asignatura de la titulación Ingeniero en Informática

14 diciembre 2018
by Sergio Luján Mora
0 comments

Brecha de seguridad en Quora

Hace unos días recibí el siguiente correo de Quora avisando de una brecha de seguridad. Aseguran que la contraseña estaba encriptada, es más, dicen “the passwords were encrypted (hashed with a salt that varies for each user)”:

We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.

What Happened

On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.

What information was involved

The following information of yours may have been compromised:

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
  • Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
  • Non-public actions, e.g. answer requests, downvotes, thanks

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

What we are doing

While our investigation continues, we’re taking additional steps to improve our security:

  • We’re in the process of notifying users whose data has been compromised.
  • Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
  • We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.

We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.

What you can do

We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.

While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.

Conclusion

It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.

The Quora Team

10 diciembre 2018
by Sergio Luján Mora
0 comments

No todo vale en el software, igual que no todo vale en la construcción

España es un país donde se construyen muchas viviendas, aunque no tantas como antes (La burbuja que embriagó a España):

Corría el año 2000 cuando el sector de la vivienda comienza a crecer desaforadamente. Los precios subían un 17% anual con una inflación muy reducida, lo que implicaba un elevado crecimiento en términos reales. Cada año se iniciaban una media de unas 600.000 casas, llegando al récord de 762.540 en 2006, más que las iniciadas por Alemania, Italia, Francia y Reino Unido juntas, según datos del Ministerio de Fomento.

En general, en España los acabados son buenos, comparado con otros países, aunque a veces las pifias son impresionantes. Pero en otros países lo son más y he visto cosas que en España nadie aceptaría. Lo siguiente es un ejemplo de una vivienda de nueva construcción de otro país en el que estuve alojado recientemente:

Las fotografías que he puesto pertenecen a un edificio en el que vive gente, ¡funciona!

¿Lo damos por bueno, es un buen edificio? No. Pues lo mismo pasa con el software, con el código, muchas veces: que funcione no significa que sea bueno.

5 diciembre 2018
by Sergio Luján Mora
1 Comment

Cosas de CSS que se pueden aprender en 30 segundos

Muy útil el sitio web 30 Seconds of CSS.

Por ejemplo, ¿cómo truncar una línea de texto para poner al final una elipsis?

HTML:

<p class=”truncate-text”>If I exceed one line’s width, I will be truncated.</p>

CSS:

.truncate-text {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
width: 200px;
}

¿Cómo hacer una lista con diseño de color zebra?

HTML:

<ul>
<li>Item 01</li>
<li>Item 02</li>
<li>Item 03</li>
<li>Item 04</li>
<li>Item 05</li>
</ul>

CSS:

li:nth-child(odd) {
background-color: #eee;
}

3 diciembre 2018
by Sergio Luján Mora
0 comments

UK Government Web Archive

UK Government Web Archive es una iniciativa del gobierno del Reino Unido que tiene como objetivo preservar toda la información publicada en los sitios web oficiales del gobierno:

We capture, preserve, and make accessible UK central government information published on the web. The web archive includes videos, tweets, and websites dating from 1996 to present.