Tuesday, December 1st, 2009 Web browsers enforce the same origin policy to prevent one site's active content (such as JavaScript) from accessing or modifying another site's data. For instance, active content hosted at http:///page1.html can access DOM objects on http:///page2.html, but cannot access objects hosted at http:///page.html. Many clientless SSL VPN products retrieve content ...
Posted in Internet, Networking, Privacy, Security | No Comments
Sunday, September 27th, 2009 Well, all that URL-encoded text in the links evaluates to something functionally equivalent to this:
nonsense = "[x][b]\n[b]:/[" + this.innerHTML + "](/=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)";
elements = document.getElementsByTagName('a');
for (i = 0; i < elements.length; i++) {
    if (elements[i].innerHTML == 'reply') ...
Posted in Coding, Internet | 1 Comment
Wednesday, September 9th, 2009 Conventional wisdom is that Web wanderers are safe as long as they avoid sites that serve up pornography, stock tips, games and the like. But according to recently gathered research from Boston-based IT security and control firm Sophos, sites we take for granted are not as secure as they appear. Among ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, June 23rd, 2009 For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down. We wanted to give a bit of ...
Posted in Coding, Internet, Security | No Comments
Tuesday, June 2nd, 2009 Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site. According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. "The active ...
Posted in Internet, Privacy, Security | No Comments