Exploits Spy

The newest exploits, code, and pen-testing tools

Security, am I phobic?

May 27th, 2008

Am I being pedantic in reporting a CSRF vulnerability? I have had the (bad?) luck of being in the position of reporting vulnerabilities to many software vendors. Most of these were web application related. Whether I did it for fun, for commitment or for my own site security I always liked the responsible disclosure approach.
I feel, we good guys, should help the developer community learn from their mistakes with some compassion.
But the more I work in t […]


Firefox developers aim fight web application threats

May 23rd, 2008

Firefox developers are developing new technologies that aim to fight web application vulnerabilities such as Cross-Site Scripting and Cross-Site Request Forgeries.
One feature will need web developers …


Google Spanish Headache

May 7th, 2008

I’ve noticed this problem with Google.com redirecting to Spanish since Wednesday and it seems like they tried to fix it for a few IP ranges. My ISP (Road Runner HoldCo LLC) IPs are still being redirected to Spanish. Not sure why Google hasn’t fixed this yet but I’m not wasting time learning Spanish. Simple fix was to use GooGle.co.uk


Y! Password Reset Redirection Weakness

May 4th, 2008

This is a second find after I first reported [Yahoo Profile Redirection Weakness] - which is patched. This same issue can lead to many attacks. The network …


Firefox Addons own ya - Keylogger POC

May 3rd, 2008

This was a project I was meant to carry on last year when I started learning the capabilities of coding in the Gecko environment to create Firefox addons. I was working to create an addon capable of digitally signing documents easily from the web browser interface using certificates. For this post I prepared a proof of concept to demonstrate how powerful …


Security - Thinking out of the box

April 17th, 2008

Being a Security Professional requires constant out-of-box thinking. For those that don’t know: along with being a very old member on HSC, I am the CTO of Security Brigade.
My job these days involves a lot of Penetration Testing, Vulnerability Assessment, Source Code Audits, PCI Compliance, Other Compliances and Regulatory …


Exploiting browsers mental diseases

April 15th, 2008

I was reading an interesting blog post on Billy Rios Blog about new Google XSS found in Google spreadsheet. In the specific, that XSS is in my opinion to blame more to Internet Explorer, the only vulnerable browser to this XSS, than to Google itself.
The javascript injection is caused by Internet Explorer rendering text/plain as active content that is HTML. Indeed Billy just created a link to the spreadsheet in CSV format. The spreadsheet contains a javascript snippet […]


I want to be a web app hacker

April 9th, 2008

Oh well, countless times I’ve heard people consider themselves hackers just because they got an SQL error after giving a quote character ” ‘ ” instead of a numeric value in a web application parameter. How they would browse the database content is still mysterious…to them.
 
Web application security has been my first love. I had done some nice researches on it too and spent hours and hours playing with http protocols and server side scripting. And these are […]


Salt hashed passwords for deep thinkers

April 1st, 2008

While auditing Joomla source code, I have had the opportunity to make some thinkings on structural security improvements that can be achieved at design-time of a web application, that …


Tactical Exploitation

April 1st, 2008

We all got to see the question “How to hack…” whatever on forums or news groups. This article has the right answer for it …
