Sunday, June 8th, 2008
OK gang, this is one of those rare moments where feedback from community will directly influence a security feature that’ll make a real difference. First some background...
About 6 months ago Brandon Sterne left a cushy infosec position at eBay for Mozilla to solve an extremely important Web security problem he ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, June 4th, 2008
Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed. Including, is it real? Is it novel? Is it dangerous? What is ...
Posted in Coding, Internet, Privacy, Security | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Friday, May 23rd, 2008
A researcher has spotted a security problem in Facebook that could lead to hackers taking control of user accounts.
The flaw allows a hacker to execute scripts on Facebook that could potentially be used to create a fake log-in page and capture people's passwords, according to the XSSED security blog. The ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, May 20th, 2008
Developers of the Firefox browser are designing new technologies aimed at protecting users from some of the nastiest and most prevalent forms of website attacks.
One protection is designed to minimize end users' risk to cross-site scripting (XSS) attacks and cross-site request forgeries (CSRFs), both of which subvert basic internet security ...
Posted in Coding, Internet, Privacy, Security | No Comments
