The latest security buzzphrase: javascript hijacking
Breaking news from the interwebs: Ajax isn’t 100% secure. Your app isn’t safe. Your data isn’t protected. Your privacy is gone. All your base are belong to the hackers.
Apparently it’s time to go back to tin cans and strings. This newfangled Web2.0 thingy has caused nothing but trouble. Now you can’t even trust the data you receive from the server to be genuine. What’s next? Will Web3.0 come into your house while you sleep and download pornography and illegal MP3s?
In case you don’t have your sarcasm font installed, let me make something clear: the internet is insecure. Always has been; always will be. Every developer should always assume that every byte uploaded or downloaded is corrupt, compromised, and counterfeit. This is Internet Programming 101: verify data before using it.
But for some reason, every tech site and blog is obsessing over some paper from Fortify Software about “javascript hijacking”. Here’s a rundown: they took a known (and solved) security issue (cross-site scripting), renamed it to “javascript hijacking”, and created hysteria.
It must be a slow news week. Or maybe everyone’s just recovering from April Fools. We spend one day shrugging off every story, post, and news item, then spend the next week overreacting to the first bit of truth we find.