How to physically secure your credit card

 

In this post I want to share with you the two simple steps I came up with to “harden” my credit card against theft and duplication. In a nutshell, this hardening technique works by removing all the extra information written on the credit card (signature and security code) that is not necessary for it to work and is valuable to an “attacker”.

Display your latest Foursquare checkins on your blog using Foursquare API v2 and PHP

In this post I will show you how to use my updated version of the foursquare-php class to display your latest Foursquare checkins on your page and blog. I will go through the changes induced by using Foursquare API v2 and the new awesome features introduced in this version: getting previous checkins and using the lib as the JSON backend.

Using the Microsoft Geolocalization API to retrace where a Windows laptop has been

EDIT (Tuesday 2nd August) Microsoft Statement is available from here

EDIT (Sunday 31st July) The flaw is fixed: I had a phone call with some people from Microsoft yesterday (yes, on a Saturday) and they told me they fixed the problem. I will update this post with their response as soon as it is out. The demo code does not work anymore.

In our upcoming BlackHat talk, we will show you how the WiFi data stored by Windows can be used to geolocate where your computer has been. While the ability to retrace where a computer has been (and when) certainly carries privacy implications, in this post I want to focus on how we uncovered this data, and the unexpected difficulties we encountered while developing this technique.

Tracking users that block cookies with an HTTP redirect

While the standard technique to track users across multiple sites / visits is to use cookies, this is by no means the only way to do it. Last year Samy, with his famous evercookie application, showed that in fact many browser storage mechanisms (Flash, local storage) can be used to store a unique identifier that can act as a cookie.

In this post, I will share with you a new tracking technique (AFAIK) that works even when all the browser storage mechanisms are blocked/disabled. (edit: @theharmonyguy found this article about a somewhat related technique that uses redirects to pass cookies). What makes this technique unique and hard to block is that it does not rely on a storage mechanism or a JavaScript trick but instead abuses the HTTP mechanism used to make shortened URLs work: the HTTP redirect header. Because this tracking technique relies on an HTTP header, it will work even if JavaScript and the browser plug-ins (Flash, Silverlight) are disabled.

Analyzing web application performance

The website performance blog post series focuses on the techniques and tools that can be used to improve a website’s performance.

Optimizing web application performance is all about numbers and metrics so, before delving into optimization techniques, it is essential to understand what can be optimized and how to measure improvements in performance. In this post, we will review the five areas where website performance can be improved, how to establish a performance baseline, and how to measure progress.
